Re: OK - I'm fairly clueless on this...
On 6/15/07, Chuck Swiger <[EMAIL PROTECTED]> wrote: On Jun 15, 2007, at 1:14 PM, Kurt Buff wrote: >> >> traceroute to www.freebsd.org (69.147.83.33), 64 hops max, 40 byte >> >> packets >> >> 1 www.freebsd.org (69.147.83.33) 1.050 ms 0.970 ms 2.110 ms >> > >> > very short times suggest that the router (possibly NAT machine as >> > 192.168 suggest) is doing strange things... >> Do you have a bogus rdr/fwd in your config anywhere? >> -- >> Joe Holden >> T: (UK) 02071009593 (AU) 282442321 >> E: [EMAIL PROTECTED] > > Uh, don't know what those are, and I built this machine myself, from > scratch, so I doubt it. > > All it's got on it is postfix (for mailing daily reports) and squid. > It's pointed to our new T1, out a Watchguard firewall - we're going to > use the old T1 for mail and traffic to our branch offices. It would not be astonishing if your Watchguard firewall was blocking or modifying the traceroute traffic and ICMP time exceeded packets which result, unless someone has explicitly configured it to pass traceroutes. However, the problem you've shown can also happen when something things it should proxy-arp for all IPs, in other words, it will claim that anything outside of the subnet it is actually on is really a local IP and should go to that particular MAC address. Doing an "arp -a" and looking for dups should indicate whether this sort of thing is happening... -- -Chuck Problem solved, but this was indeed quite interesting. I've got several FreeBSD boxes scattered at various points through our network. After checking them, the ones that I had trouble with are those that are in the same subnet as our two firewalls. Doing a traceroute from the others worked just fine. However, 'arp -a' on the affected FreeBSD boxes (those in the subnet with the Watchguards) didn't reveal anything interesting. So, the Watchguards were doing *something*. OTOH, running tracert (the Windows version of traceroute) from a box on that same subnet worked just fine - that is, I get a full list of hops, etc. This is where the light started to shine.. I tried 'traceroute -P udp' and 'traceroute -P tcp', with no difference - that is, the machines in the same subnet got a single line back. However, if I specified 'tracert -I' (capital i - which means use ICMP) I get the output I expect from a traceroute command. As mentioned above, however, arp -a reveals no duplicates. Windows uses ICMP for its traceroutes, FreeBSD doesn't, by default, though it can. So, I took a look at my traceroute filter on the firewall, and found, finally, that it wasn't allowed from the subnet where my problem children were. I adjusted the filter on the firewall, and all is now happy. Thanks for your help, Chuck - it made the difference I needed to figure this out. Kurt ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: OK - I'm fairly clueless on this...
Not for traceroute, no. On 6/15/07, Michael K. Smith - Adhost <[EMAIL PROTECTED]> wrote: Hello: > On 6/15/07, Joe Holden <[EMAIL PROTECTED]> wrote: > > Wojciech Puchar wrote: > > >> zsquid# traceroute www.freebsd.org > > >> traceroute to www.freebsd.org (69.147.83.33), 64 hops max, 40 byte > > >> packets > > >> 1 www.freebsd.org (69.147.83.33) 1.050 ms 0.970 ms 2.110 ms > > > > > > very short times suggest that the router (possibly NAT machine as > > > 192.168 suggest) is doing strange things... > > Do you have a bogus rdr/fwd in your config anywhere? > > -- > > Joe Holden > > T: (UK) 02071009593 (AU) 282442321 > > E: [EMAIL PROTECTED] > > Uh, don't know what those are, and I built this machine myself, from > scratch, so I doubt it. > > All it's got on it is postfix (for mailing daily reports) and squid. > It's pointed to our new T1, out a Watchguard firewall - we're going to > use the old T1 for mail and traffic to our branch offices. > Do you have a Proxy of some sort on your network that might have cached www.freebsd.org? Regards, Mike ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: OK - I'm fairly clueless on this...
On Jun 15, 2007, at 1:14 PM, Kurt Buff wrote: >> traceroute to www.freebsd.org (69.147.83.33), 64 hops max, 40 byte >> packets >> 1 www.freebsd.org (69.147.83.33) 1.050 ms 0.970 ms 2.110 ms > > very short times suggest that the router (possibly NAT machine as > 192.168 suggest) is doing strange things... Do you have a bogus rdr/fwd in your config anywhere? -- Joe Holden T: (UK) 02071009593 (AU) 282442321 E: [EMAIL PROTECTED] Uh, don't know what those are, and I built this machine myself, from scratch, so I doubt it. All it's got on it is postfix (for mailing daily reports) and squid. It's pointed to our new T1, out a Watchguard firewall - we're going to use the old T1 for mail and traffic to our branch offices. It would not be astonishing if your Watchguard firewall was blocking or modifying the traceroute traffic and ICMP time exceeded packets which result, unless someone has explicitly configured it to pass traceroutes. However, the problem you've shown can also happen when something things it should proxy-arp for all IPs, in other words, it will claim that anything outside of the subnet it is actually on is really a local IP and should go to that particular MAC address. Doing an "arp -a" and looking for dups should indicate whether this sort of thing is happening... -- -Chuck ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
RE: OK - I'm fairly clueless on this...
Hello: > On 6/15/07, Joe Holden <[EMAIL PROTECTED]> wrote: > > Wojciech Puchar wrote: > > >> zsquid# traceroute www.freebsd.org > > >> traceroute to www.freebsd.org (69.147.83.33), 64 hops max, 40 byte > > >> packets > > >> 1 www.freebsd.org (69.147.83.33) 1.050 ms 0.970 ms 2.110 ms > > > > > > very short times suggest that the router (possibly NAT machine as > > > 192.168 suggest) is doing strange things... > > Do you have a bogus rdr/fwd in your config anywhere? > > -- > > Joe Holden > > T: (UK) 02071009593 (AU) 282442321 > > E: [EMAIL PROTECTED] > > Uh, don't know what those are, and I built this machine myself, from > scratch, so I doubt it. > > All it's got on it is postfix (for mailing daily reports) and squid. > It's pointed to our new T1, out a Watchguard firewall - we're going to > use the old T1 for mail and traffic to our branch offices. > Do you have a Proxy of some sort on your network that might have cached www.freebsd.org? Regards, Mike ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: OK - I'm fairly clueless on this...
On 6/15/07, Joe Holden <[EMAIL PROTECTED]> wrote: Wojciech Puchar wrote: >> zsquid# traceroute www.freebsd.org >> traceroute to www.freebsd.org (69.147.83.33), 64 hops max, 40 byte >> packets >> 1 www.freebsd.org (69.147.83.33) 1.050 ms 0.970 ms 2.110 ms > > very short times suggest that the router (possibly NAT machine as > 192.168 suggest) is doing strange things... Do you have a bogus rdr/fwd in your config anywhere? -- Joe Holden T: (UK) 02071009593 (AU) 282442321 E: [EMAIL PROTECTED] Uh, don't know what those are, and I built this machine myself, from scratch, so I doubt it. All it's got on it is postfix (for mailing daily reports) and squid. It's pointed to our new T1, out a Watchguard firewall - we're going to use the old T1 for mail and traffic to our branch offices. Oh, and to reply to Wojciech, here's what he wanted as well: zsquid# ifconfig -a fxp0: flags=8843 mtu 1500 options=8 inet 192.168.8.72 netmask 0xff00 broadcast 192.168.8.255 ether 00:11:11:2b:db:97 media: Ethernet autoselect (100baseTX ) status: active plip0: flags=108810 mtu 1500 lo0: flags=8049 mtu 16384 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3 inet6 ::1 prefixlen 128 inet 127.0.0.1 netmask 0xff00 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: OK - I'm fairly clueless on this...
Wojciech Puchar wrote: >> zsquid# traceroute www.freebsd.org >> traceroute to www.freebsd.org (69.147.83.33), 64 hops max, 40 byte >> packets >> 1 www.freebsd.org (69.147.83.33) 1.050 ms 0.970 ms 2.110 ms > > very short times suggest that the router (possibly NAT machine as > 192.168 suggest) is doing strange things... Do you have a bogus rdr/fwd in your config anywhere? -- Joe Holden T: (UK) 02071009593 (AU) 282442321 E: [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: OK - I'm fairly clueless on this...
zsquid# traceroute www.freebsd.org traceroute to www.freebsd.org (69.147.83.33), 64 hops max, 40 byte packets 1 www.freebsd.org (69.147.83.33) 1.050 ms 0.970 ms 2.110 ms very short times suggest that the router (possibly NAT machine as 192.168 suggest) is doing strange things... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
OK - I'm fairly clueless on this...
This is very strange - I can't get traceroute to work as I expect. Forgive me if I'm being stupid as well as blind, but perusing the man page for traceroute brings no joy. It simply doesn't produce expected results - I don't think I'm on the same network as www.freebsd.org, so where are the answers from all of the intervening hops? zsquid# traceroute www.freebsd.org traceroute to www.freebsd.org (69.147.83.33), 64 hops max, 40 byte packets 1 www.freebsd.org (69.147.83.33) 1.050 ms 0.970 ms 2.110 ms Why is this so important? Well, I'm in a network segment with two routers, and I'm trying to determine that the machine is using the correct default gateway. uname -a yeilds: FreeBSD zsquid.mycompany.com 6.2-STABLE FreeBSD 6.2-STABLE #0: Fri Jun 1 16:03:26 PDT 2007 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/GENERIC i386 /etc/rc.conf has these lines: defaultrouter="192.168.8.4" hostname="zsquid.mycompany.com" ifconfig_fxp0="inet 192.168.8.72 netmask 255.255.255.0" ifconfig shows the following: fxp0: flags=8843 mtu 1500 options=8 inet 192.168.8.72 netmask 0xff00 broadcast 192.168.8.255 ether 00:11:11:2b:db:97 media: Ethernet autoselect (100baseTX ) status: active plip0: flags=108810 mtu 1500 lo0: flags=8049 mtu 16384 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3 inet6 ::1 prefixlen 128 inet 127.0.0.1 netmask 0xff00 Kurt ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"