can't resolve some webpages

E

erik006

Hello All,

I've been struggling to get my network setup the way I want it. Originally, I had a Speedtouch 536 DSL (Teksavvy PPPoE) modem setup in routed mode. The modem was connected over ethernet to my freebsd gateway. This gateway was connected to a cisco 8-port gigabit switch, which was bridged to a WRT54GL router, setup as an access point.

ISP <---> Speedtouch DSL Modem <---> FreeBSD gateway <---> Gigabit Switch <---> AP

However, the firewall settings on the gateway were having no effect - presumably due to modem being in routed mode (could that be the issue).

I decided to put the DSL Modem into bridge mode, and use the gateway to setup the PPPoE connection. However, this is where I run into some issues. It seems that I can resolve *some* but *not all* webpages. For example, I can
get to http://www.arstechnica.com but not to http://www.aol.com or http://www.nih.gov/.

I did some searching and thought maybe this was an MTU problem - but 1) the MTU is set to 1492, which should work (has always worked on the speedtouch) and 2) I tried to change it using: [CMD="route change ISP_NETWORK_ADD -mtu #"][/CMD] which didn't do anything for my issues. Does anyone have a clue what could be going on here? I have tried to post all pertinent information below, but please do ask for more information if necessary.

Thank you,

Erik

Example:

Code: 
carlsagan# nslookup aol.com
;; Got SERVFAIL reply from 127.0.0.1, trying next server
;; connection timed out; no servers could be reached

carlsagan# ping aol.com
ping: cannot resolve aol.com: Host name lookup failure

Code: 
carlsagan# uname -rim
8.1-RELEASE amd64 GENERIC

Code: 
carlsagan# cat /etc/rc.conf 
zfs_enable="YES"
hostname="carlsagan.beerepoot.local"

#PPPoE setup
ppp_enable="YES"
ppp_mode="ddial"
ppp_profile="teksavvy"

#configure LAN gateway iface
ifconfig_em0="inet 10.0.0.1 netmask 255.255.255.0 media 1000baseTX mediaopt full-duplex mtu 9000"

#gateway & firewall setup
gateway_enable="YES"
pf_enable="YES"
pflog_enable="YES"
natd_enable="YES"
natd_interface="re0"
natd_flags=""
dhcpd_enable="YES"
dhcpd_ifaces="em0"
named_enable="YES"
sshd_enable="YES"

#network sharing
rpcbind_enable="YES"
nfs_server_enable="YES"
mountd_flags="-r"
ntpd_enable="YES"
ntpdate_enable="YES"

Code: 
carlsagan# cat /etc/ppp/ppp.conf
cygnet:
	set device PPPoE:re0
	set authname beerepoot@cygnet
	set authkey ******
	set dial
	set login
	add default HISADDR
teksavvy:
	set device PPPoE:re0
	set MTU 1490
	set authname erik006@teksavvy.com	
	set authkey ******
	set dial	
	set login	
	add default HISADDR
	enable dns

All pass pf.conf:

Code: 
carlsagan# cat /etc/pf.conf.new
pass in log all keep state 
pass out log all keep state

Network setup:
Code: 
carlsagan# ifconfig
re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=389b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_UCAST,WOL_MCAST,WOL_MAGIC>
	ether 00:01:2e:2c:d7:27
	media: Ethernet autoselect (100baseTX <full-duplex>)
	status: active
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 9000
	options=219b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAGIC>
	ether 00:1b:21:63:c3:7c
	inet 10.0.0.1 netmask 0xffffff00 broadcast 10.0.0.255
	media: Ethernet 1000baseT <full-duplex>
	status: active
ath0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 2290
	ether 00:25:d3:f0:c4:78
	media: IEEE 802.11 Wireless Ethernet autoselect (autoselect)
	status: no carrier
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
	options=3<RXCSUM,TXCSUM>
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4 
	inet6 ::1 prefixlen 128 
	inet 127.0.0.1 netmask 0xff000000 
	nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
pflog0: flags=141<UP,RUNNING,PROMISC> metric 0 mtu 33152
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1492
	options=80000<LINKSTATE>
	inet 206.248.191.240 --> 206.248.154.122 netmask 0xffffffff 
	Opened by PID 461
 
I should clarify: At this point i'm concerned with being able to access the webpages on the gateway machine, not on any clients that may be attached to the switch.
 
hello,

I think your problem is dhcpd.conf related.

Please post dhcpd.conf file, it should provide ip, gateway ip address and dns server for each workstation,

Almost sure AP could not be configured using dhcpd, manually configure it to be between dhcp server ip addresses , turn off its dhcp server.

Wireless devices should be configured with your freebsd gateway. Because it has dhcp server active.

I am assuming your ppp.conf file is configured to use two different ISP, I just use one, I configured it to reconnect when connectivity is lost.

Also I think your rc.conf is too extensive.

The most important think is does your gateway RESOLVES ALL you dns requests?
 
There's no DNS server running on 127.0.0.1. Which is the cause of the error. Either change the DHCP options or /etc/resolv.conf so it points to a working DNS server.
 
Thank you SirDice. I can't believe I forgot to post my resolve.conf - it was set to point to 10.0.0.1, which is the IP of the gateway.
 
erik006 said:
Thank you SirDice. I can't believe I forgot to post my resolve.conf - it was set to point to 10.0.0.1, which is the IP of the gateway.
Click to expand...

Not according to the nslookup output you posted:
Code: 
carlsagan# nslookup aol.com
;; [b]Got SERVFAIL reply from 127.0.0.1[/b], trying next server
;; connection timed out; no servers could be reached
Click to expand...
 
erik006 said:
Hello All,
I've been struggling to get my network setup the way I want it. Originally, I had a...
Click to expand...

Hello friend.

I had a similar problem, only NAT worked through the PF. Been solved by adding the following line in pf.conf:
Code: 
scrub all no-df random-id min-ttl 1 max-mss 1400 fragment reassemble reassemble tcp

Good luck.
 
You must log in or register to reply here.
Back
Top