Subject: Gateway problem: was Resolv.conf Help Needed
To: None <netbsd-help@netbsd.org>
From: Michael Owens <owensmk@earthlink.net>
List: netbsd-users
Date: 06/28/2001 15:49:51
Ok, this is not a resolver problem. It is a gateway problem I think.
I can ping outside of the gateway, but I cannot telnet or anything else,
which explains the resolver failure: nothing is getting routed out. Locally,
everything works, but if I try to telnet to a machine outside the network, I
get:
telnet: Unable to connect to remote host: Can't assign requested address.
But I _can_ ping out. And I can telnet out from another machine on the same
network using the same gateway.
So I must have not configured NetBSD's default gateway properly. I set the
default route in installation, and in rc.local. I also deleted and reset it
using "route add default 10.10.10.101", but to no avail.
Any ideas? When I tried the FTP install, the installer had the same problem
--- said it could not connect to the FTP site.
The NetBSD machine is behind an OpenBSD firewall running NAT and IPF. There
are no restrictions for outgoing connections. I can assure you though that
the gateway and name servers are working properly. All of our staff are using
the OpenBSD NAT box for Internet access. I am emailing this message through
it from a FreeBSD machine sitting on the same network. So I know I've
improperly configured or messed up the NetBSD box's routing somehow, I just
don't know what or where.
Here is some information on the current settings:
bash-2.04# route get 204.152.186.171
route get 204.152.186.171
route to: 204.152.186.171
destination: default
mask: default
gateway: 10.10.10.101
local addr: mike
interface: sip0
flags: <UP,GATEWAY,DONE,STATIC>
recvpipe sendpipe ssthresh rtt,msec rttvar hopcount mtu expire
0 0 0 0 0 0 1500 0
bash-2.04# telnet 204.152.186.171
telnet 204.152.186.171
Trying 204.152.186.171...
telnet: Unable to connect to remote host: Can't assign requested address
bash-2.04# telnet 10.10.10.205
telnet 10.10.10.205
Trying 10.10.10.205...
Connected to 10.10.10.205.
Escape character is '^]'.
backup login:
-------<quit>-----------
bash-2.04# netstat -rn
netstat -rn
Routing tables
Internet:
Destination Gateway Flags Refs Use Mtu Interface
default 10.10.10.101 UGS 0 0 1500 sip0
10.10.10/24 link#1 UC 0 0 1500 sip0
10.10.10.99 00:d0:b7:18:5f:6c UHL 0 0 1500 sip0
10.10.10.101 00:00:c5:83:95:58 UHL 1 7 1500 sip0
10.10.10.200 00:50:04:f1:c8:d6 UHL 2 4466 1500 sip0
10.10.10.203 00:90:27:f6:96:e2 UHL 0 7 1500 sip0
10.10.10.205 00:02:b3:07:ac:43 UHL 1 43 1500 sip0
127 127.0.0.1 UGRS 0 0 33228 lo0
127.0.0.1 127.0.0.1 UH 1 8 33228 lo0
XNS:
Destination Gateway Flags Refs Use Mtu Interface
ISO:
Destination Gateway Flags Refs Use Mtu Interface
X.25:
Destination Gateway Flags Refs Use Mtu Interface
AppleTalk:
Destination Gateway Flags Refs Use Mtu Interface
Internet6:
Destination Gateway Flags Refs Use Mtu Interface
::/104 ::1 UGRS 0 0 33228 sip0 =>
::/96 ::1 UGRS 0 0 33228 sip0
::1 ::1 UH 12 0 33228 lo0
::127.0.0.0/104 ::1 UGRS 0 0 33228 sip0
::224.0.0.0/100 ::1 UGRS 0 0 33228 sip0
::255.0.0.0/104 ::1 UGRS 0 0 33228 sip0
::ffff:0.0.0.0/96 ::1 UGRS 0 0 33228 sip0
2002::/24 ::1 UGRS 0 0 33228 sip0
2002:7f00::/24 ::1 UGRS 0 0 33228 sip0
2002:e000::/20 ::1 UGRS 0 0 33228 sip0
2002:ff00::/24 ::1 UGRS 0 0 33228 sip0
fe80::/10 ::1 UGRS 0 0 33228 sip0
fe80::%sip0/64 link#1 UC 0 0 1500 sip0
fe80::1%sip0 ::1 UH 0 0 33228 lo0
fe80::%lo0/64 fe80::1%lo0 U 0 0 33228 lo0
fec0::/10 ::1 UGRS 0 0 33228 sip0
ff01::/32 ::1 U 0 0 33228 lo0
ff02::%sip0/32 link#1 UC 0 0 1500 sip0
ff02::%lo0/32 fe80::1%lo0 UC 0 0 33228 lo0
bash-2.04# ifconfig -a
ifconfig -a
sip0: flags=fbff<UP,BROADCAST,DEBUG,LOOPBACK,POINTOPOINT,NOTRAILERS,RUNNING,NOARP,PROMISC,ALLMULTI,SIMPLEX,LINK0,LINK1,LINK2,MULTICAST> mtu 1500
address: 9c:67:73:cd:98:a8
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet 10.10.10.167 -> 10.10.10.255 netmask 0xffffff00 broadcast 10.10.10.255
inet6 fe80::1%sip0 -> :: prefixlen 64 scopeid 0x1
inet6 ::1 -> ::1 prefixlen 128
lo0: flags=8009<UP,LOOPBACK,MULTICAST> mtu 33228
inet 127.0.0.1 netmask 0xff000000
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
inet6 ::1 prefixlen 128
ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
ppp1: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
sl0: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 296
sl1: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 296
strip0: flags=0<> mtu 1100
strip1: flags=0<> mtu 1100
tun0: flags=10<POINTOPOINT> mtu 1500
tun1: flags=10<POINTOPOINT> mtu 1500
gre0: flags=8010<POINTOPOINT,MULTICAST> mtu 1450
gre1: flags=8010<POINTOPOINT,MULTICAST> mtu 1450
ipip0: flags=8010<POINTOPOINT,MULTICAST>
ipip1: flags=8010<POINTOPOINT,MULTICAST>
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
gif1: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
gif2: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
gif3: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
On Thursday 28 June 2001 13:40, Michael Owens wrote:
> Yes, I tried tcpdump, and there are no packets sent out. Nothing. nslookup
> just returns with the "Can't find server name . . ." without even trying. I
> even looked up the name server names using whois and put them in /etc/hosts
> as it seems that it wants to reverse DNS their addresses.
>
> One thing that did work, oddly enough, is if I used a caching nameserver on
> the same subnet (10.10.10.203). And it showed up on tcpdump. Then NetBSD
> would resolve names using that nameserver. It's only if the name servers
> are outside of the local network that name resolution doesn't work. I don't
> understand. I modified the networks line in nsswitch.conf to
>
> networks: files [notfound=continue] dns
>
> and also removed the domain line from resolv.conf as someone else
> suggested. But this doesn't change anything.
>
> It is true that the name servers are behind a firewall, but none of the
> other systems have trouble reaching/using them, as the firewall allows port
> 53 TCP and UDP.
>
> On Thursday 28 June 2001 12:31, you wrote:
> > On Thu, Jun 28, 2001 at 10:37:44AM -0500, Michael Owens wrote:
> > > I modified the nsswitch.conf, but to no avail. But I can ping the name
> > > servers fine. When I do nslookup, the exact error is
> > >
> > >
> > > root@mike> nslookup yahoo.com.
> > > nslookup yahoo.com.
> > > > *** Can't find server name for address 216.140.16.254: No response from server
> > > > *** Can't find server name for address 216.140.17.254: No response from server
> > > > *** Default servers are not available
> >
> > Hum, isn't there some kind of filtering router between the
> > > nameservers and your host, which could block UDP packets ?
> >
> > Did you try running 'tcpdump -n' when running nslookup, to see what
> > happens on the wire ?
> >
> > --
> > Manuel Bouyer <bouyer@antioche.eu.org>
> > --