Sorry to jump into this late.

You say:

[4] I need help understanding what is going on in lines like this:

64.4.197.69 > 64.4.197.65: icmp: 64.4.197.69 udp port 32868 unreachable [tos 0xc0]

I am confused with both icmp and udp specified on same line ???

I believe what this reports is an icmp "Destination unreachable" packet. The rest of it -- "64.4.197.69 udp port 32868" -- is part of the *content* of the icmp packet and tells you what (a udp port on a host) is unreachable.

Since the message is coming from 64.4.197.69, which you identify as your SuSE server, to your LEAF router (64.4.197.65), I'd *guess* that either the SuSE host has nothing listening on port 32868 -OR- it is running a firewall that causes (some) packets to that port to be REJECT'ed. But that comment comes without looking at the context of the packet.

In the context of the actual tcpdump output you linked to ... since the DNS request is coming *from* port 32868 on the SuSE server, it (the requesting app, that is) should be listening on that port for a reply. And when you run "nslookup", indeed it does listen. But not when you run "host". So it's probably not the firewall; more likely a problem with "host".

I confess to a bit of confusion about what does and does not work. From the tcpdump file you link us to, I see that --

"host" does not work
"nslookup" does work
"ping" does work
"dig" is not tested.

But below, you say that ping does NOT work. Which is it?

From what you provided, I don't see why nslookup would work but not host. Perhaps now you will be able to spot the problem, with your question about the interpretation of the icmp packet addressed. Good luck.

At 05:06 PM 10/12/02 -0500, Michael D. Schleif wrote:

OK, it gets more interesting ;>

[1] As you know, here is a summary of the dcd:

root@bluetrout:/etc
# ip addr
. . .
7: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
link/ether 00:a0:c9:9e:57:70 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.254/24 brd 192.168.1.255 scope global eth0
8: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
link/ether 00:a0:c9:9e:64:83 brd ff:ff:ff:ff:ff:ff
inet 64.4.197.65/26 brd 64.4.197.127 scope global eth1
17: wan1: <POINTOPOINT,NOARP,UP> mtu 1500 qdisc pfifo_fast qlen 100
link/ppp
inet 64.4.222.157 peer 64.4.222.158/32 scope global wan1
inet 64.4.197.99/32 scope global wan1
inet 64.4.197.100/32 scope global wan1
inet 64.4.197.101/32 scope global wan1

# ip route
64.4.222.158 dev ipsec0 proto kernel scope link src 64.4.222.157
64.4.222.158 dev wan1 proto kernel scope link src 64.4.222.157
64.4.197.64/26 dev eth1 proto kernel scope link src 64.4.197.65
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.254
192.168.123.0/24 via 64.4.222.158 dev ipsec0
default via 64.4.222.158 dev wan1

[2] This is czar, a SuSE server on the dmz:

root@czar:~
# ip addr
. . .
2: eth0: <BROADCAST,PROMISC,NOTRAILERS,UP> mtu 1500 qdisc pfifo_fast qlen 100
link/ether 00:10:4b:af:ae:e2 brd ff:ff:ff:ff:ff:ff
inet 64.4.197.69/26 brd 64.4.197.127 scope global eth0
inet6 fe80::210:4bff:feaf:aee2/10 scope link

# ip route
64.4.197.64/26 dev eth0 proto kernel scope link src 64.4.197.69
default via 64.4.197.65 dev eth0

# cat /etc/resolv.conf
nameserver 192.168.1.254
search PlatinumAire.net

[3] As it turns out, some name resolution stuff works (e.g., nslookup);
but, other stuff does *NOT* work (e.g., host, dig, ping). tcpdump
output is here:

<http://www.helices.org/tmP/bluetrout.tcpdump.txt>

[4] I need help understanding what is going on in lines like this:

64.4.197.69 > 64.4.197.65: icmp: 64.4.197.69 udp port 32868 unreachable [tos 0xc0]

I am confused with both icmp and udp specified on same line ???

--
-------------------------------------------"Never tell me the odds!"--------
Ray Olszewski					-- Han Solo
Palo Alto, California, USA			  [EMAIL PROTECTED]
-------------------------------------------------------------------------------



------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
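
Added example (not part of the original thread): a small Python decoder for the ICMP "Destination unreachable" message discussed above, showing where tcpdump gets the "udp port 32868" text from, namely the header of the original datagram quoted inside the ICMP payload. The sample bytes are constructed from the addresses in the thread; the quoted source port 53 and the zeroed checksums are assumptions.

```python
import socket
import struct

CODES = {0: "net", 1: "host", 2: "protocol", 3: "port"}  # common type-3 codes
PROTOS = {6: "tcp", 17: "udp"}

def parse_icmp_unreachable(icmp: bytes) -> dict:
    """Decode an ICMP type 3 message (RFC 792) and the datagram it quotes."""
    if len(icmp) < 8:
        raise ValueError("truncated ICMP header")
    icmp_type, code = icmp[0], icmp[1]
    if icmp_type != 3:
        raise ValueError("not a Destination Unreachable message")
    inner = icmp[8:]                    # quoted IP header + first 8 payload bytes
    if len(inner) < 20:
        raise ValueError("truncated quoted IP header")
    ihl = (inner[0] & 0x0F) * 4         # quoted IP header length in bytes
    if ihl < 20 or len(inner) < ihl + 4:
        raise ValueError("quoted datagram too short to hold ports")
    info = {
        "code": code,
        "proto": inner[9],
        "orig_src": socket.inet_ntoa(inner[12:16]),
        "orig_dst": socket.inet_ntoa(inner[16:20]),
    }
    if info["proto"] in PROTOS:         # TCP and UDP both start with two ports
        sport, dport = struct.unpack("!HH", inner[ihl:ihl + 4])
        info.update(orig_sport=sport, orig_dport=dport)
    return info

def describe(info: dict) -> str:
    """Render the decoded message the way the tcpdump line in the thread reads."""
    proto = PROTOS.get(info["proto"], str(info["proto"]))
    what = CODES.get(info["code"], "code %d" % info["code"])
    return "icmp: %s %s %s %d unreachable" % (
        info["orig_dst"], proto, what, info["orig_dport"])

def build_sample() -> bytes:
    """Constructed sample: ICMP port unreachable quoting a UDP datagram that
    was addressed to 64.4.197.69 port 32868 (checksums left as zero)."""
    udp = struct.pack("!HHHH", 53, 32868, 40, 0)   # source port 53 is assumed
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 60, 0, 0, 64, 17, 0,
                     socket.inet_aton("64.4.197.65"),
                     socket.inet_aton("64.4.197.69"))
    return struct.pack("!BBHI", 3, 3, 0, 0) + ip + udp

if __name__ == "__main__":
    print(describe(parse_icmp_unreachable(build_sample())))
```

The quoted destination (orig_dst, orig_dport) is the socket that refused the datagram; the quoted source is the host the ICMP error is sent back to.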
