Subject: routing problems across disjoint segments
To: None <netbsd-help@netbsd.org>
From: Paul Newhouse <newhouse@rockhead.com>
List: netbsd-help
Date: 03/31/1999 00:40:37
platform-i386 (running current as of 3/23/99)
HELP!!!! I'm in over my head with routing problems. I'm hoping I just have
my head on crooked and this isn't as messy as I'm making it.
Sorry about the length, but I tried to include everything that seemed relevant.
I list 3 problems at the end. My configuration looks like:
   206.100.6.209 (ISP)
         |
         |
   206.100.6.73 (FlowPoint WAN side)
         |
         |
   +-----------+
+--| FlowPoint |
|  +-----------+
|   (205.219.89.40/29)                                  (205.219.89.40/29)
|      rtr             newhouse                            big-box
| 205.219.89.41 <--> 205.219.89.46   +----------------+ 205.219.89.45
+------------DSL connection----------|de1          de0|-------hub
   (Flowpoint LAN side)              |                |       |||
                                     |  rockhead.com  |       |||
                                     |   NetBSD box   |   +---+|+---+
                   c528574-a         |                |   |    |    |
 24.1.4.193 <--> 24.1.4.200/32       |                |   |    |   .44
 -----------cable connection---------|ne0             |   |   .43  glorias-pc
   (@home)                           +----------------+  .42  w95
                                                        pimin
Kernels on newhouse & pimin are built with GATEWAY option selected.
from newhouse rc.conf:
hostname="newhouse"
domainname="rockhead.com"
defaultroute="rtr"
net_interfaces="de1 de0 ne0"
routed=YES routed_flags="-s"
newhouse /etc/ifconfig.de0:
inet 205.219.89.45 netmask 255.255.255.248 broadcast 205.219.89.47
newhouse /etc/ifconfig.de1:
inet 205.219.89.46 netmask 255.255.255.248 broadcast 205.219.89.47
newhouse /etc/ifconfig.ne0:
inet 24.1.4.200 netmask 255.255.255.224
newhouse netstart.local does:
/sbin/route add 24.1.4.193 24.1.4.200
/usr/sbin/arp -d pimin
/usr/sbin/arp -d w95
/usr/sbin/arp -d glorias-pc
/usr/sbin/arp -f /etc/arp.conf
newhouse /etc/arp.conf:
pimin 00:40:05:a0:4e:b2 pub
w95 00:40:05:36:72:a7 pub
glorias-pc 00:40:05:42:c3:b8 pub
newhouse netstat -nr looks like:
Internet:
Destination        Gateway            Flags  Refs   Use  Mtu  Interface
default            205.219.89.41      UGS       5  6482    -  de1
24.1.4.192/27      link#3             UC        0     0    -  ne0
24.1.4.193         24.1.4.200         UGHS      0   221    -  ne0
24.1.4.200         00:c0:26:38:80:71  UHL       1     0    -  lo0
127.0.0.1          127.0.0.1          UH        1   123    -  lo0
205.219.89.40/29   link#2             UC        0     0    -  de1
205.219.89.41      00:20:6f:02:fa:bb  UHL       3     0    -  de1
205.219.89.42      00:40:05:a0:4e:b2  UHL       2  3007    -  de1
205.219.89.45      00:40:05:a0:41:2a  UHL       0    20    -  lo0 =>
205.219.89.45/32   link#1             UC        0     0    -  de0
205.219.89.46      00:40:05:42:35:d0  UHL       0     0    -  lo0
206.100.6.73       205.219.89.41      UGHS      0     0    -  de1
206.100.6.74       205.219.89.41      UGHS      0     0    -  de1
newhouse /etc/ipf.conf rules:
pass out log quick on de1 to de0:205.219.89.42 from any to 205.219.89.42/32
pass out log quick on de0 to de1:205.219.89.41 from 205.219.89.42/32 to any
pass in log quick on de1 to de0:205.219.89.42 from any to 205.219.89.42/32
(same set for each of .43 & .44)
on pimin /etc/rc.conf
hostname="pimin" # if blank, use /etc/myname
domainname="rockhead.com" # if blank, use /etc/defaultdomain
defaultroute="big-box" # if blank, use /etc/mygate
pimin netstat -nr looks like:
Internet:
Destination        Gateway            Flags  Refs   Use  Mtu  Interface
default            205.219.89.45      UGS       0   254    -  de0
127.0.0.1          127.0.0.1          UH        1    44    -  lo0
205.219.89.40/29   link#1             UC        0     0    -  de0
205.219.89.41      00:20:6f:02:fa:bb  ULS2      0     0    -  de0
205.219.89.42      00:40:05:a0:4e:b2  UHL       0     6    -  lo0
205.219.89.45      00:40:05:a0:41:2a  UHL       3  1349    -  de0
205.219.89.46      00:40:05:42:35:d0  UHL       1    42    -  de0
pimin /etc/ifconfig.de0:
inet 205.219.89.42 netmask 255.255.255.248 broadcast 205.219.89.47
pimin /etc/netstart.local
/usr/sbin/arp -d newhouse
/usr/sbin/arp -d rtr
/usr/sbin/arp -f /etc/arp.conf
pimin /etc/arp.conf
rtr 00:20:6f:02:fa:bb pub
newhouse 00:40:05:42:35:d0 pub
=============== PROBLEMS ==============
Problem #1:
I can ftp from .42 to .45 and I can rsh from .42 to .45 and run an xterm BUT
from .45 I can't ping .42, .43 or .44 from that xterm.
From .42 I can't ping .46 (or anything beyond it) from .42.
Problem #2: de0: unable to load tx map, error=22
I tried to add "mediaopt half-duplex" to ifconfig.de0, but it refuses to config
the device at all. Since this is connected to a hub I don't think I can do full
duplex; I think tx means it's trying to go full duplex? The connection between
machines hangs shortly after I start seeing the error messages.
How do I set the device to half duplex? Or is this a different problem?
Problem #3: @home assigned a fixed ip address (they "realize Unix can't do DHCP" !?!? *8^)
Wolfgang Rupprecht suggested the following to force incoming traffic on ne0 to
be sent back on ne0:
pass out log quick on de1 to ne0:24.1.4.193 from 24.1.4.200 to any
Thanks, as I said in earlier mail, I never would have figured that one out.
But in this situation it seems not to work quite right. If I ping from a
remote machine (dnai-207-181-199-194.dsl.dnai.com): I can use tcpdump -i ne0
and see packets being returned, but they never get back to the pinging machine???
I suspect the source address is wrong and @home filters them out (but I'm not
sure)? The traffic on ne0 looks like:
12:14:10.663987 dnai-207-181-199-194.dsl.dnai.com > c528574-a.stcla1.sfba.home.com: \
icmp: echo request
12:14:10.664061 c528574-a.stcla1.sfba.home.com > dnai-207-181-199-194.dsl.dnai.com: \
icmp: echo reply
12:14:11.647112 dnai-207-181-199-194.dsl.dnai.com > c528574-a.stcla1.sfba.home.com: \
icmp: echo request
12:14:11.647187 c528574-a.stcla1.sfba.home.com > dnai-207-181-199-194.dsl.dnai.com: \
icmp: echo reply
Is there some simpler way to get all this working?!?!?!
TIA,
Paul
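
Added example (not part of the original message): a longest-prefix lookup over the posted newhouse routing table, showing which interface destination-based forwarding selects before any ipf "to" rule redirects the packet, and whether the source address belongs to that interface's subnet. The remote address 207.181.199.194 is an assumption read off the hostname in the tcpdump output; the function names are illustrative.

```python
import ipaddress

# Constructed input: destination, gateway and interface columns copied
# from the posted "newhouse netstat -nr" output.
NEWHOUSE_ROUTES = """\
default 205.219.89.41 de1
24.1.4.192/27 link#3 ne0
24.1.4.193 24.1.4.200 ne0
24.1.4.200 00:c0:26:38:80:71 lo0
127.0.0.1 127.0.0.1 lo0
205.219.89.40/29 link#2 de1
205.219.89.41 00:20:6f:02:fa:bb de1
205.219.89.42 00:40:05:a0:4e:b2 de1
205.219.89.45 00:40:05:a0:41:2a lo0
205.219.89.45/32 link#1 de0
205.219.89.46 00:40:05:42:35:d0 lo0
206.100.6.73 205.219.89.41 de1
206.100.6.74 205.219.89.41 de1
"""

# Interface addresses and netmasks from the posted /etc/ifconfig.* files.
IFACE_NETS = {
    "de0": ipaddress.ip_interface("205.219.89.45/29").network,
    "de1": ipaddress.ip_interface("205.219.89.46/29").network,
    "ne0": ipaddress.ip_interface("24.1.4.200/27").network,
}

def parse_routes(text):
    routes = []
    for line in text.splitlines():
        dest, gateway, iface = line.split()
        # "default" is 0.0.0.0/0; a bare address parses as a /32 host route.
        net = ipaddress.ip_network("0.0.0.0/0" if dest == "default" else dest)
        routes.append((net, gateway, iface))
    return routes

def lookup(routes, dst):
    """Longest-prefix match; the first listed entry wins a tie."""
    addr = ipaddress.ip_address(dst)
    return max((r for r in routes if addr in r[0]),
               key=lambda r: r[0].prefixlen)

def egress(routes, src, dst):
    """Return (interface, gateway, source_is_in_that_interface_subnet)."""
    _, gateway, iface = lookup(routes, dst)
    src_on_link = (iface in IFACE_NETS
                   and ipaddress.ip_address(src) in IFACE_NETS[iface])
    return iface, gateway, src_on_link

ROUTES = parse_routes(NEWHOUSE_ROUTES)
```

For a reply from 24.1.4.200 to the remote host, the lookup returns de1 with a source address outside de1's subnet, which is the case the "to ne0:24.1.4.193" rule quoted in the message is meant to handle. For 205.219.89.42 the table alone also selects de1, and it is the posted ipf "to de0:205.219.89.42" rules that move that traffic to de0.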