vge(4) on VIA EPIA-M840 problem

I don't know if this is a hardware problem, software problem or driver problem, but it involves TCP/IP so I thought I would begin here. I note that there is another instance of this mentioned in the forums, as a side issue, but I could find a finite conclusion.

I am currently trying to debug a problem on a FreeBSD/PF based firewall. The problem, simply put, is that a client on the private side can access most websites but there are some that will not display.

The hardware is a VIA EPIA-M840 with two VIA vge(4) interfaces.

Code:
vge0: <VIA Networking Velocity Gigabit Ethernet> port 0xec00-0xecff mem 0xdf7ff000-0xdf7ff0ff irq 28 at device 0.0 on pci2
vge0: Using 1 MSI message
miibus0: <MII bus> on vge0
ip1000phy0: <IP1001 10/100/1000 media interface> PHY 1 on miibus0
ip1000phy0:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseT, 1000baseT-master, 1000baseT-FDX, 1000baseT-FDX-master, auto, auto-flow
vge0: Ethernet address: 00:1f:f2:07:3f:0a

Code:
vge1: <VIA Networking Velocity Gigabit Ethernet> port 0xdc00-0xdcff mem 0xdfdff000-0xdfdff0ff irq 36 at device 0.0 on pci3
vge1: Using 1 MSI message
miibus1: <MII bus> on vge1
ip1000phy1: <IP1001 10/100/1000 media interface> PHY 1 on miibus1
ip1000phy1:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseT, 1000baseT-master, 1000baseT-FDX, 1000baseT-FDX-master, auto, auto-flow
vge1: Ethernet address: 00:1f:f2:07:3f:09

I have stripped the configuration back to basics. An ADSL connection is provided using PPPoE with user PPP (tun0) on vge0. PF performs NAT on tun0 and all outbound connections are permitted.

A client on the LAN (vge1) can browse to many web sites without a problem; however, as an example, http://www.bom.gov.au will not display.

Here is where it gets interesting.

If I take NAT out of the equation and use public IPs on both sides of the firewall, it fails. If I take PPPoE out and use a fixed public IP on vge0 and PF/NAT it fails. If I replace the inside interface with a USB Ethernet adapter (ue0) and PF NAT, it works. If I use natd/ipfw to do the NAT, it works.

I am currently trawling through tcpdumps trying to find out what is different between sites that work and sites that don't. Any help would be greatly appreciated.

Cheers

Rob.