netbsd-help: Re: Intermittent problem with NAT over a wireless connection

Subject: Re: Intermittent problem with NAT over a wireless connection
To: None <netbsd-help@netbsd.org>
From: Christos Zoulas <christos@astron.com>
List: netbsd-help
Date: 11/05/2005 23:26:19
In article <436BA331.1080101@zybx.com>,
Christian von Kleist  <cvk@zybx.com> wrote:
>I have a problem using a wireless connection with NetBSD-current, but
>the same problem has occurred since 1.6.2.
>
>My apartment complex provides free wireless internet access, so I use a
>wireless card in my NetBSD-based router to do NAT for my wired network.
>Everything is set up in a very straightforward manor: The router
>connects to the apartment complex's access point via wi0 (which is a
>PRISM-2.5-based card from Netgear) and does NAT using this simple
>ipnat.conf:
>
>/etc/ipnat.conf:
>
>map wi0 192.168.2.0/24 -> 0/32 portmap tcp/udp 40000:60000
>map wi0 192.168.2.0/24 -> 0/32
>
>(192.168.2.0/24 is my wired network)
>
>The IP of the apartment complex's AP is 192.168.0.1, so 192.168.0.1 is
>default route on my router (which is running HEAD from about two weeks ago).
>
>This is a simple setup that works just great...but only for about one to
>three days at a time. After a while, the NAT stops working, even though
>wi0 is still up and active. When this problem occurs, doing `ping
>192.168.0.1` from my router works, but there is a 20-second (exactly)
>delay every time a new ping command runs, like this:
>
>bash-3.00# time ping -c 1 192.168.0.1
>PING 192.168.0.1 (192.168.0.1): 56 data bytes
>64 bytes from 192.168.0.1: icmp_seq=0 ttl=127 time=3.599 ms
>
>----192.168.0.1 PING Statistics----
>1 packets transmitted, 1 packets received, 0.0% packet loss
>round-trip min/avg/max/stddev = 3.599/3.599/3.599/0.000 ms
>
>real 0m20.048s
>user 0m0.000s
>sys 0m0.007s
>
>
>Once the problem occurs, pinging an internet IP doesn't work at all:
>
>bash-3.00# ping 69.56.215.62 # the IP of a server i rent
>
>PING 69.56.215.62 (69.56.215.62): 56 data bytes
>^C
>----69.56.215.62 PING Statistics----
>140 packets transmitted, 0 packets received, 100.0% packet loss
>
>
>If I delete the default route, I can ping the apartment complex's AP
>with `ping 192.168.0.1` and there is no delay, but of course the NAT no
>longer works for the machines on my wired network because my router
>doesn't have a default route.
>
>I'm sure the problem isn't with the apartment complex's AP. During all
>of this I can continue to use it flawlessly from my iBook (via its
>Airport Extreme card), and my roommate can simultaneously use the AP
>with the wireless card in his PC-laptop (some wireless adapter from
>Linksys). Resetting the apartment complex's AP doesn't fix it, and if I
>connect my router to the free access point of the apartment complex 
>across the street, the same problem occurs after about the same amount 
>of time.
>
>I can fix the problem once it occurs by deleting the default route and
>waiting approximately ten minutes. Then I add the route again and
>everything works perfectly! However, it fails again after about the
>same amount of time.
>
>I have discovered that the problem occurs more frequently when the
>connection is used heavily, and less frequently when it is used lightly.
>I can make it happen immediately by seeding two or three bittorrents.
>After a few hundred hosts connect, the NAT stops working within seconds.
>However, I can seed the same torrents at the same time on my iBook
>(using its wireless card to connect to the AP) and everything works
>perfectly!
>
>What could I be doing wrong? I would be very grateful for any insight
>on how to fix this problem or better diagnose it.
>
>Thanks in advance! :)
>
>-- Christian von Kleist
>
>
>This is what the situation is like after the problem occurs:
>
>
>bash-3.00# uname -a
>NetBSD iyashii.asdf.com 3.99.10 NetBSD 3.99.10 (GENERIC) #0: Wed Oct 19
>11:23:50 UTC 2005
>
>builds@b4.netbsd.org:/home/builds/ab/HEAD/i386/200510190000Z-obj/home/builds/ab/HEAD/src/sys/arch/i386/compile/GENERIC
>i386
>
>
>
># here's my wireless card setup
>
>bash-3.00# wlanctl wi0
>wi0: mac 00:40:05:xx:xx:xx bss 00:40:05:c8:36:00
>         node flags 0001<bss>
>         ess <collgeparkapts>
>         chan 6 freq 2437MHz flags 00a0<cck,2.4GHz>
>         capabilities 0000
>         beacon-interval 100 TU tsft 0 us
>         rates 1.0 2.0 5.5 [11.0]
>         assoc-id 0 assoc-failed 0 inactivity 300s
>         rssi 50 txseq 63 rxseq 38688
>
>
>
># i clear the routing tables and start with a clean slate...
>
>bash-3.00# route flush
>default              192.168.0.1          done
>192.168.0.1          0.40.5.xx.xx.xx       done
>192.168.2.3          0.26.54.xx.xx.xx     done
>
>bash-3.00# route -n show
>Routing tables
>
>Internet:
>Destination        Gateway            Flags
>127.0.0.1          127.0.0.1          UH
>192.168.0.0/24     link#1             U
>192.168.2.0/24     link#2             U
>192.168.2.3        00:26:54:xx:xx:xx  UH
>
>
>
># i can ping the apartment complex's access point just fine
># as long as there is no default route:
>
>bash-3.00# ping 192.168.0.1
>PING 192.168.0.1 (192.168.0.1): 56 data bytes
>64 bytes from 192.168.0.1: icmp_seq=0 ttl=127 time=5.393 ms
>64 bytes from 192.168.0.1: icmp_seq=1 ttl=127 time=2.417 ms
>^C
>----192.168.0.1 PING Statistics----
>2 packets transmitted, 2 packets received, 0.0% packet loss
>round-trip min/avg/max/stddev = 2.417/3.905/5.393/2.104 ms
>
>
>
># now, i make 192.168.0.1 my default route...
>
>bash-3.00# route add default 192.168.0.1
>add net default: gateway 192.168.0.1
>
>
>bash-3.00# route -n show
>Routing tables
>
>Internet:
>Destination        Gateway            Flags
>default            192.168.0.1        UG
>127.0.0.1          127.0.0.1          UH
>192.168.0.0/24     link#1             U
>192.168.0.1        00:40:05:xx:xx:xx  UH
>192.168.2.0/24     link#2             U
>192.168.2.3        00:26:54:xx:xx:xx  UH
>
>
>
># after adding 192.168.0.1 as the default route, everything breaks!
>
># now when i try to ping 192.168.0.1, there is always a 20-second
># delay before the first ping-reply line comes up, but then it works
>
>bash-3.00# ping 192.168.0.1
>PING 192.168.0.1 (192.168.0.1): 56 data bytes
>64 bytes from 192.168.0.1: icmp_seq=0 ttl=127 time=2.355 ms
>64 bytes from 192.168.0.1: icmp_seq=1 ttl=127 time=3.090 ms
>64 bytes from 192.168.0.1: icmp_seq=2 ttl=127 time=2.335 ms
>^C
>----192.168.0.1 PING Statistics----
>3 packets transmitted, 3 packets received, 0.0% packet loss
>round-trip min/avg/max/stddev = 2.335/2.593/3.090/0.430 ms
>
>
>
># yep, exactly 20 seconds every time... some address resolution
># must be failing here, i think.
>
>bash-3.00# time ping -c 1 192.168.0.1
>PING 192.168.0.1 (192.168.0.1): 56 data bytes
>64 bytes from 192.168.0.1: icmp_seq=0 ttl=127 time=3.599 ms
>
>----192.168.0.1 PING Statistics----
>1 packets transmitted, 1 packets received, 0.0% packet loss
>round-trip min/avg/max/stddev = 3.599/3.599/3.599/0.000 ms
>
>real    0m20.048s
>user    0m0.000s
>sys     0m0.007s
>
>bash-3.00# time ping -c 1 192.168.0.1
>PING 192.168.0.1 (192.168.0.1): 56 data bytes
>64 bytes from 192.168.0.1: icmp_seq=0 ttl=127 time=2.385 ms
>
>----192.168.0.1 PING Statistics----
>1 packets transmitted, 1 packets received, 0.0% packet loss
>round-trip min/avg/max/stddev = 2.385/2.385/2.385/0.000 ms
>
>real    0m20.046s
>user    0m0.000s
>sys     0m0.000s
>
>
>
># if i try to ping a machine that would require the use
># of the 192.168.0.1 gateway, it also fails:
># (69.56.215.62 is the IP of a dedicated server i rent)
>
>bash-3.00# ping 69.56.215.62
>PING 69.56.215.62 (69.56.215.62): 56 data bytes
>^C
>----69.56.215.62 PING Statistics----
>140 packets transmitted, 0 packets received, 100.0% packet loss
>
># it seems to be using the right route, though:
>
>bash-3.00# route -n get 69.56.215.62
>    route to: 69.56.215.62
>destination: default
>        mask: default
>     gateway: 192.168.0.1
>  local addr: 192.168.0.66
>   interface: wi0
>       flags: <UP,GATEWAY,DONE,STATIC>
>  recvpipe  sendpipe  ssthresh  rtt,msec    rttvar  hopcount      mtu
>  expire
>        0         0         0         0         0         0         0
>      0
>
>
>
># now, if i delete the default route, i can ping the router again:
>
>bash-3.00# route delete default
>delete net default
>
>bash-3.00# ping 192.168.0.1
>PING 192.168.0.1 (192.168.0.1): 56 data bytes
>64 bytes from 192.168.0.1: icmp_seq=0 ttl=127 time=2.362 ms
>64 bytes from 192.168.0.1: icmp_seq=1 ttl=127 time=3.271 ms
>64 bytes from 192.168.0.1: icmp_seq=2 ttl=127 time=2.733 ms
>^C
>----192.168.0.1 PING Statistics----
>3 packets transmitted, 3 packets received, 0.0% packet loss
>round-trip min/avg/max/stddev = 2.362/2.789/3.271/0.457 ms
>
>
>
># try adding a route to my dedicated server through 192.168.0.1...
>
>bash-3.00# route add 69.56.215.62 192.168.0.1
>add host 69.56.215.62: gateway 192.168.0.1
>
>bash-3.00# route -n get 69.56.215.62
>    route to: 69.56.215.62
>destination: 69.56.215.62
>     gateway: 192.168.0.1
>  local addr: 192.168.0.66
>   interface: wi0
>       flags: <UP,GATEWAY,HOST,DONE,STATIC>
>  recvpipe  sendpipe  ssthresh  rtt,msec    rttvar  hopcount      mtu
>  expire
>        0         0         0         0         0         0         0
>      0
>
># this route fails too!
>
>bash-3.00# ping 69.56.215.62
>PING 69.56.215.62 (69.56.215.62): 56 data bytes
>^C
>----69.56.215.62 PING Statistics----
>10 packets transmitted, 0 packets received, 100.0% packet loss
>
>
>Thanks again if you can provide any insight!  :D

Is your dns working? does ping -n work?

christos