Subject: Intermittent problem with NAT over a wireless connection
To: None <netbsd-help@netbsd.org>
From: Christian von Kleist <cvk@zybx.com>
List: netbsd-help
Date: 11/04/2005 13:06:41
I have a problem using a wireless connection with NetBSD-current, but
the same problem has occurred since 1.6.2.
My apartment complex provides free wireless internet access, so I use a
wireless card in my NetBSD-based router to do NAT for my wired network.
Everything is set up in a very straightforward manner: The router
connects to the apartment complex's access point via wi0 (which is a
PRISM-2.5-based card from Netgear) and does NAT using this simple
ipnat.conf:
/etc/ipnat.conf:
map wi0 192.168.2.0/24 -> 0/32 portmap tcp/udp 40000:60000
map wi0 192.168.2.0/24 -> 0/32
(192.168.2.0/24 is my wired network)
The IP of the apartment complex's AP is 192.168.0.1, so 192.168.0.1 is
the default route on my router (which is running HEAD from about two weeks ago).
This is a simple setup that works just great...but only for about one to
three days at a time. After a while, the NAT stops working, even though
wi0 is still up and active. When this problem occurs, doing `ping
192.168.0.1` from my router works, but there is a 20-second (exactly)
delay every time a new ping command runs, like this:
bash-3.00# time ping -c 1 192.168.0.1
PING 192.168.0.1 (192.168.0.1): 56 data bytes
64 bytes from 192.168.0.1: icmp_seq=0 ttl=127 time=3.599 ms
----192.168.0.1 PING Statistics----
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 3.599/3.599/3.599/0.000 ms
real 0m20.048s
user 0m0.000s
sys 0m0.007s
Once the problem occurs, pinging an internet IP doesn't work at all:
bash-3.00# ping 69.56.215.62 # the IP of a server i rent
PING 69.56.215.62 (69.56.215.62): 56 data bytes
^C
----69.56.215.62 PING Statistics----
140 packets transmitted, 0 packets received, 100.0% packet loss
If I delete the default route, I can ping the apartment complex's AP
with `ping 192.168.0.1` and there is no delay, but of course the NAT no
longer works for the machines on my wired network because my router
doesn't have a default route.
I'm sure the problem isn't with the apartment complex's AP. During all
of this I can continue to use it flawlessly from my iBook (via its
Airport Extreme card), and my roommate can simultaneously use the AP
with the wireless card in his PC-laptop (some wireless adapter from
Linksys). Resetting the apartment complex's AP doesn't fix it, and if I
connect my router to the free access point of the apartment complex
across the street, the same problem occurs after about the same amount
of time.
I can fix the problem once it occurs by deleting the default route and
waiting approximately ten minutes. Then I add the route again and
everything works perfectly! However, it fails again after about the
same amount of time.
I have discovered that the problem occurs more frequently when the
connection is used heavily, and less frequently when it is used lightly.
I can make it happen immediately by seeding two or three bittorrents.
After a few hundred hosts connect, the NAT stops working within seconds.
However, I can seed the same torrents at the same time on my iBook
(using its wireless card to connect to the AP) and everything works
perfectly!
What could I be doing wrong? I would be very grateful for any insight
on how to fix this problem or better diagnose it.
Thanks in advance! :)
-- Christian von Kleist
This is what the situation is like after the problem occurs:
bash-3.00# uname -a
NetBSD iyashii.asdf.com 3.99.10 NetBSD 3.99.10 (GENERIC) #0: Wed Oct 19
11:23:50 UTC 2005
builds@b4.netbsd.org:/home/builds/ab/HEAD/i386/200510190000Z-obj/home/builds/ab/HEAD/src/sys/arch/i386/compile/GENERIC
i386
# here's my wireless card setup
bash-3.00# wlanctl wi0
wi0: mac 00:40:05:xx:xx:xx bss 00:40:05:c8:36:00
node flags 0001<bss>
ess <collgeparkapts>
chan 6 freq 2437MHz flags 00a0<cck,2.4GHz>
capabilities 0000
beacon-interval 100 TU tsft 0 us
rates 1.0 2.0 5.5 [11.0]
assoc-id 0 assoc-failed 0 inactivity 300s
rssi 50 txseq 63 rxseq 38688
# i clear the routing tables and start with a clean slate...
bash-3.00# route flush
default 192.168.0.1 done
192.168.0.1 0.40.5.xx.xx.xx done
192.168.2.3 0.26.54.xx.xx.xx done
bash-3.00# route -n show
Routing tables
Internet:
Destination Gateway Flags
127.0.0.1 127.0.0.1 UH
192.168.0.0/24 link#1 U
192.168.2.0/24 link#2 U
192.168.2.3 00:26:54:xx:xx:xx UH
# i can ping the apartment complex's access point just fine
# as long as there is no default route:
bash-3.00# ping 192.168.0.1
PING 192.168.0.1 (192.168.0.1): 56 data bytes
64 bytes from 192.168.0.1: icmp_seq=0 ttl=127 time=5.393 ms
64 bytes from 192.168.0.1: icmp_seq=1 ttl=127 time=2.417 ms
^C
----192.168.0.1 PING Statistics----
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 2.417/3.905/5.393/2.104 ms
# now, i make 192.168.0.1 my default route...
bash-3.00# route add default 192.168.0.1
add net default: gateway 192.168.0.1
bash-3.00# route -n show
Routing tables
Internet:
Destination Gateway Flags
default 192.168.0.1 UG
127.0.0.1 127.0.0.1 UH
192.168.0.0/24 link#1 U
192.168.0.1 00:40:05:xx:xx:xx UH
192.168.2.0/24 link#2 U
192.168.2.3 00:26:54:xx:xx:xx UH
# after adding 192.168.0.1 as the default route, everything breaks!
# now when i try to ping 192.168.0.1, there is always a 20-second
# delay before the first ping-reply line comes up, but then it works
bash-3.00# ping 192.168.0.1
PING 192.168.0.1 (192.168.0.1): 56 data bytes
64 bytes from 192.168.0.1: icmp_seq=0 ttl=127 time=2.355 ms
64 bytes from 192.168.0.1: icmp_seq=1 ttl=127 time=3.090 ms
64 bytes from 192.168.0.1: icmp_seq=2 ttl=127 time=2.335 ms
^C
----192.168.0.1 PING Statistics----
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 2.335/2.593/3.090/0.430 ms
# yep, exactly 20 seconds every time... some address resolution
# must be failing here, i think.
bash-3.00# time ping -c 1 192.168.0.1
PING 192.168.0.1 (192.168.0.1): 56 data bytes
64 bytes from 192.168.0.1: icmp_seq=0 ttl=127 time=3.599 ms
----192.168.0.1 PING Statistics----
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 3.599/3.599/3.599/0.000 ms
real 0m20.048s
user 0m0.000s
sys 0m0.007s
bash-3.00# time ping -c 1 192.168.0.1
PING 192.168.0.1 (192.168.0.1): 56 data bytes
64 bytes from 192.168.0.1: icmp_seq=0 ttl=127 time=2.385 ms
----192.168.0.1 PING Statistics----
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 2.385/2.385/2.385/0.000 ms
real 0m20.046s
user 0m0.000s
sys 0m0.000s
# if i try to ping a machine that would require the use
# of the 192.168.0.1 gateway, it also fails:
# (69.56.215.62 is the IP of a dedicated server i rent)
bash-3.00# ping 69.56.215.62
PING 69.56.215.62 (69.56.215.62): 56 data bytes
^C
----69.56.215.62 PING Statistics----
140 packets transmitted, 0 packets received, 100.0% packet loss
# it seems to be using the right route, though:
bash-3.00# route -n get 69.56.215.62
route to: 69.56.215.62
destination: default
mask: default
gateway: 192.168.0.1
local addr: 192.168.0.66
interface: wi0
flags: <UP,GATEWAY,DONE,STATIC>
recvpipe sendpipe ssthresh rtt,msec rttvar hopcount mtu
expire
0 0 0 0 0 0 0
0
# now, if i delete the default route, i can ping the router again:
bash-3.00# route delete default
delete net default
bash-3.00# ping 192.168.0.1
PING 192.168.0.1 (192.168.0.1): 56 data bytes
64 bytes from 192.168.0.1: icmp_seq=0 ttl=127 time=2.362 ms
64 bytes from 192.168.0.1: icmp_seq=1 ttl=127 time=3.271 ms
64 bytes from 192.168.0.1: icmp_seq=2 ttl=127 time=2.733 ms
^C
----192.168.0.1 PING Statistics----
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 2.362/2.789/3.271/0.457 ms
# try adding a route to my dedicated server through 192.168.0.1...
bash-3.00# route add 69.56.215.62 192.168.0.1
add host 69.56.215.62: gateway 192.168.0.1
bash-3.00# route -n get 69.56.215.62
route to: 69.56.215.62
destination: 69.56.215.62
gateway: 192.168.0.1
local addr: 192.168.0.66
interface: wi0
flags: <UP,GATEWAY,HOST,DONE,STATIC>
recvpipe sendpipe ssthresh rtt,msec rttvar hopcount mtu
expire
0 0 0 0 0 0 0
0
# this route fails too!
bash-3.00# ping 69.56.215.62
PING 69.56.215.62 (69.56.215.62): 56 data bytes
^C
----69.56.215.62 PING Statistics----
10 packets transmitted, 0 packets received, 100.0% packet loss
Thanks again if you can provide any insight! :D
--
c v k @ z y b x . c o m