can't route.

From: sam (samwun_at_hgcbroadband.com)
Date: 06/09/04


Date: Thu, 10 Jun 2004 02:04:13 +0800

Hi,

I just set up some configuration for routing from the FreeBSD to the
other subnet, but a test showed that a separate host can only reach
(ping) the other interface of the FreeBSD but not the one beyond that.
Here is a diagram:

192.168.1.254 - 192.168.1.1 == 192.168.4.1 - 192.168.4.129
   OpenBSD               FreeBSD                 WinXP

where 192.168.1.254 (an OpenBSD) is an interface connected to another
interface, 192.168.1.1. .1.1 and .4.1 belong to FreeBSD.
192.168.4.129 is a Windows XP.
The test result is that the WinXP is only able to ping 192.168.1.1, but
not able to ping 192.168.1.254.
I have set enable_route="YES" in the file /etc/rc.conf and did a reboot.
Then I found that IP forwarding is set to 1:
root@fbsd [1:51am] [~]# sysctl -a | grep forward
kern.smp.forward_signal_enabled: 1
kern.smp.forward_roundrobin_enabled: 1
net.inet.ip.forwarding: 1
net.inet.ip.fastforwarding: 0
net.inet6.ip6.forwarding: 0

I think I need NAT to work, but PF is broken as I posted to the
newsgroup a while ago. The NAT rule is:
# Macros: define common values, so they can be referenced and changed easily.
ext_if="em0" # replace with actual external interface name i.e., dc0
int_if="fxp0" # replace with actual internal interface name i.e., dc1
#internal_net="10.1.1.1/8"
internal_net="192.168.4.1/24"
external_addr="192.168.1.1"
nat on $ext_if from $internal_net to any -> ($ext_if)
rdr on $ext_if proto tcp \
         from any to $external_addr/32 port 25 -> 192.168.1.1 port 25
rdr on $ext_if proto tcp \
         from any to $external_addr/32 port 110 -> 192.168.1.1 port 110
rdr on $ext_if proto tcp \
         from any to $external_addr/32 port 53 -> 192.168.1.1 port 53
# Filtering: the implicit first two rules are
pass in all
pass out all

ifconfig -a showed that:
root@fbsd [DING!] [...local/etc]# ifconfig -a
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
         options=1b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING>
         inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
         inet6 fe80::20e:cff:fe05:8229%em0 prefixlen 64 scopeid 0x1
         ether 00:0e:0c:05:82:29
         media: Ethernet autoselect (10baseT/UTP <half-duplex>)
         status: active
fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
         options=b<RXCSUM,TXCSUM,VLAN_MTU>
         inet 192.168.4.1 netmask 0xffffff00 broadcast 192.168.4.255
         inet6 fe80::202:b3ff:febb:a7a5%fxp0 prefixlen 64 scopeid 0x2
         ether 00:02:b3:bb:a7:a5
         media: Ethernet autoselect (10baseT/UTP)
         status: active
vr0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
         ether 00:04:61:16:20:29
         media: Ethernet autoselect (none)
         status: no carrier
plip0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
         inet 127.0.0.1 netmask 0xff000000
         inet6 ::1 prefixlen 128
         inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
tap0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
         inet6 fe80::2bd:a3ff:fe04:0%tap0 prefixlen 64 scopeid 0x6
         inet 10.8.0.1 netmask 0xffffff00 broadcast 10.8.0.255
         ether 00:bd:a3:04:00:00
         Opened by PID 536
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33208
pfsync0: flags=41<UP,RUNNING> mtu 1896

netstat -rn showed that:
root@fbsd [2:00am] [...local/etc]# netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            192.168.1.254      UGS         0      420    em0
10.8/24            link#6             UC          0        0   tap0
127.0.0.1          127.0.0.1          UH          0        0    lo0
192.168.1          link#1             UC          0        0    em0
192.168.1.129      00:09:6b:8d:b2:67  UHLW        0      216    em0   1030
192.168.1.254      00:02:b3:0b:3c:d1  UHLW        1       16    em0   1026
192.168.1.255      ff:ff:ff:ff:ff:ff  UHLWb       0       15    em0
192.168.4          link#2             UC          0        0   fxp0
192.168.4.129      00:09:6b:8d:b2:67  UHLW        0      200   fxp0    183
192.168.4.255      ff:ff:ff:ff:ff:ff  UHLWb       0       15   fxp0

What have I missed in order to route traffic to the other end of the
OpenBSD machine from WinXP?
If I need to fix the PF first, what is the workaround for the PF issue?
thanks
sam
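
The following is an added example, not part of the original post: a longest-prefix-match lookup over the network routes from the netstat -rn output above, checking both directions of the ping from 192.168.4.129 to 192.168.1.254. The far-side table and its interface name `if0` are constructed assumptions, since the post does not show the OpenBSD routing table.

```python
import ipaddress

# Network routes copied from the netstat -rn output in the post
# ("192.168.1" and "10.8/24" written out in full CIDR form).
FREEBSD_ROUTES = [
    ("0.0.0.0/0", "192.168.1.254", "em0"),
    ("10.8.0.0/24", "link#6", "tap0"),
    ("192.168.1.0/24", "link#1", "em0"),
    ("192.168.4.0/24", "link#2", "fxp0"),
]

# Constructed for illustration (assumption): a far-side host that only
# knows its directly connected subnet. "if0" is a hypothetical name.
ASSUMED_FAR_ROUTES = [
    ("192.168.1.0/24", "link#1", "if0"),
]


def lookup(routes, dst):
    """Longest-prefix match; returns (gateway, netif) or None if no route."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, gateway, netif in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway, netif)
    return None if best is None else (best[1], best[2])


def path_check(router, far_host, src, dst):
    """Resolve each leg of a ping from src to dst through the router."""
    return {
        "forward_on_router": lookup(router, dst),   # request leaving the router
        "return_on_router": lookup(router, src),    # reply leaving the router
        "return_on_far_host": lookup(far_host, src),  # reply leaving dst
    }


if __name__ == "__main__":
    legs = path_check(FREEBSD_ROUTES, ASSUMED_FAR_ROUTES,
                      "192.168.4.129", "192.168.1.254")
    for leg, hop in legs.items():
        print(f"{leg:20} {hop if hop else 'no route'}")
```

With the routes shown in the post, both legs on the FreeBSD box resolve to directly connected interfaces; the only leg that can fail is the one that depends on the table the post does not include.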


