Problems with Simple Routing

R

rob34

I'm having problems trying to get routing working on a dual homed server. Here is some ASCII art of my network:
Code: 
                       ************                           
                       * Internet *
                       ************
                             |
                             |
****************    *******************    *********************
* 192.168.1.51 *----* 192.168.1.1     *--- * 192.168.1.52 (XP) *
*              *    * Broadband Router*    *********************
*              *    *******************
* FreeBSD 7.2  *
*              *    **********    **********************
*   10.0.0.1   *----* switch *--- * 10.0.0.2 (FreeBSD) *
****************    **********    **********************

I've created this routing rule on the broadband router:
Code: 
Destination: 10.0.0.0
Gateway:     192.168.1.51
Netmask:     255.255.255.0

I have a Windows XP computer with an IP address of 192.168.1.52. I can reach the 10.0.0.x network with it. Here is the output from tracert:
Code: 
C:\>tracert -d 10.0.0.2

Tracing route to 10.0.0.2 over a maximum of 30 hops

  1    <1 ms    <1 ms    <1 ms  192.168.1.1
  2    <1 ms    <1 ms    <1 ms  192.168.1.51
  3    <1 ms    <1 ms    <1 ms  10.0.0.2

Trace complete.

The dual homed computer can reach both networks and the internet with no problem. My issue is with the 10.0.0.2 computer. It can ping my broadband router (192.168.1.1), but nothing else. I can't figure out why the dual honed computer will forward packets to 192.168.1.1 but nowhere else.

Here is the output from netstat -nr from 10.0.0.2:
Code: 
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            10.0.0.1           UGS         0       14    re0
10.0.0.0/24        link#1             UC          0        0    re0
10.0.0.1           00:02:e3:03:59:d4  UHLW        1       14    re0   1197
127.0.0.1          127.0.0.1          UH          0        0    lo0

Here is the output from 10.0.0.2 when I try to traceroute to my XP machine (192.168.1.52):
Code: 
# traceroute -n 192.168.1.52
traceroute to 192.168.1.52 (192.168.1.52), 64 hops max, 52 byte packets
 1  10.0.0.1  0.177 ms  0.122 ms  0.146 ms
 2  * * *
^C
It appears that the packets are making it to the dual homed computer but not being forwarded from there.

I have gateway_enable="YES" in the dual homed computer's /etc/rc.conf file. I also confirmed that it is enabled:
Code: 
# sysctl net.inet.ip.forwarding
net.inet.ip.forwarding: 1

Does anyone know what is missing from this configuration? I've pasted some additional information below, not sure if it is needed.

Thanks in advance for your help.





Here is the output of netstat -nr on my dual homed computer:
Code: 
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            192.168.1.1        UGS         0        0    em0
10.0.0.0/24        link#2             UC          0        0   sis0
10.0.0.255         ff:ff:ff:ff:ff:ff  UHLWb       1       63   sis0
127.0.0.1          127.0.0.1          UH          0        0    lo0
192.168.0.0/16     link#1             UC          0        0    em0
192.168.1.1        00:18:01:74:fa:d8  UHLW        1       75    em0   1158
192.168.1.50       link#1             UHLW        1        1    em0
192.168.1.52       00:1c:c0:2a:92:e8  UHLW        2     1071    em0   1177
192.168.255.255    ff:ff:ff:ff:ff:ff  UHLWb       1       63    em0

Here is the corresponding netstat -nr from the same computer:
Code: 
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=19b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4>
        ether 00:1c:c0:a5:97:98
        inet 192.168.1.51 netmask 0xffff0000 broadcast 192.168.255.255
        media: Ethernet autoselect (1000baseTX <full-duplex>)
        status: active
sis0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=8<VLAN_MTU>
        ether 00:02:e3:03:59:d4
        inet 10.0.0.1 netmask 0xffffff00 broadcast 10.0.0.255
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
fwe0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=8<VLAN_MTU>
        ether 02:90:27:3c:7a:8e
        ch 1 dma -1
fwip0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
        lladdr 0.90.27.0.2.3c.7a.8e.a.2.ff.fe.0.0.0.0
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
        inet6 ::1 prefixlen 128
        inet 127.0.0.1 netmask 0xff000000
 
I forgot to include this in my first post. This is the output from traceroute from my 10.0.0.2 computer to the broadband router:
Code: 
# traceroute -n 192.168.1.1
traceroute to 192.168.1.1 (192.168.1.1), 64 hops max, 52 byte packets
 1  10.0.0.1  0.177 ms  0.123 ms  0.118 ms
 2  192.168.1.1  0.708 ms  0.590 ms  0.587 ms
 
rob34 said:
I've created this routing rule on the broadband router:
Code: 
Destination: 10.0.0.0
Gateway:     [B]192.168.1.51[/B]
Netmask:     [B]255.255.255.0[/B]
Click to expand...

That's a /24 route.

rob34 said:
Here is the output of netstat -nr on my dual homed computer:
Code: 
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            192.168.1.1        UGS         0        0    em0
10.0.0.0/24        link#2             UC          0        0   sis0
10.0.0.255         ff:ff:ff:ff:ff:ff  UHLWb       1       63   sis0
127.0.0.1          127.0.0.1          UH          0        0    lo0
[B]192.168.0.0/16[/B]     link#1             UC          0        0    em0
192.168.1.1        00:18:01:74:fa:d8  UHLW        1       75    em0   1158
192.168.1.50       link#1             UHLW        1        1    em0
192.168.1.52       00:1c:c0:2a:92:e8  UHLW        2     1071    em0   1177
[B]192.168.255.255[/B]    ff:ff:ff:ff:ff:ff  UHLWb       1       63    em0
Click to expand...

That's a /16 route.

Not sure if that causes the problem, but it's not right.
 
What is strange about your pastings is that 192.168.0.52 can trace successfully to 10.0.0.2. In order for that to work, 10.0.0.2 has to be making contact with 192.168.0.52, and if that's the case it should be able to ping and trace it itself too.

Are you sure the XP firewall isn't the problem?

Keep in mind that in your trace from 10.0.0.2:

Code: 
# traceroute -n 192.168.1.52
traceroute to 192.168.1.52 (192.168.1.52), 64 hops max, 52 byte packets
 1  10.0.0.1  0.177 ms  0.122 ms  0.146 ms
 2  * * *

Hop #2 will be 192.168.0.52. Traffic will follow 2 hops from 10.0.0.2 -> 192.168.0.52, but traffic from 192.168.0.52 -> 10.0.0.2 will follow 3 hops.

BTW, tcpdump is your friend.
 
Yeah tcpdump on the dual homed computer and watch for the packets going out of the em0 interface. It smells like your broadband router doesn't know it should NAT for the 10.0.0.0/24 space. Maybe you should do that on your dual homed computer and see if then the 10.0.0.2 machine can get out to the internet.

I have some other ideas, but tcpdump will show you more info and I'd rather see that before speculating. The routing that DutchDaemon mentioned won't cause a problem since they do not overlap.
 
I think packet must go this way:
10.0.0.2 -> (switch) -> 10.0.0.1 -> 192.168.1.51 -> 192.168.1.1 -> 192.168.1.52
So in this path host 192.168.1.51 tries to arp 192.168.1.52 directly in ether, and 192.168.1.1 truncates these packets (and do not anwers itself). Its just a proposal, but logically seems its ok. So i think better 'clean' way is to put 192.168.1.52 in other subnet e.g. 192.168.2.0/24

UPD: this can be checked simply way - do `arp -n 192.168.1.52` on 192.168.1.51; if there is no ether address, then its really problem i described.
UPD UPD :) As an alternative you can use a switch to connect whese 3 devices (router, XP and 7.2).
 
You must log in or register to reply here.
Back
Top