Re: lug-bg: homelan.bg & freebsd router
- Subject: Re: lug-bg: homelan.bg & freebsd router
- From: Росен Недялков <hotrod@xxxxxxxxx>
- Date: Sun, 26 Jun 2005 16:51:38 +0300
- Delivered-to: lug-bg-list@xxxxxxxxxxxxxxxxxx
- Delivered-to: lug-bg@xxxxxxxxxxxxxxxxxx
- Organization: Izrod Ltd.
As far as I'm familiar with Homelan, I think they were setting TTL=1. I'm
almost sure that this is the problem.
Peter wrote:
> Hello, I'm trying to get a FreeBSD router running that uses a
> Homelan connection, but so far without success.
>
> Configurations:
>
> Router:
>
> FreeBSD 5.4
> Pub interface: fxp0
> private interface: rl0
> PPPoE interface: tun0
>
> Client:
>
> Laptop - Windows XP Pro
>
> I got the PPPoE connection running under FreeBSD without problems,
> and I also connect from Windows to the router over SSH without
> problems. I tried with PPP_NAT and with NATD, but had no success
> getting the NAT to work.
>
> When I listen with tcpdump on tun0 I see strange things like:
>
> 12:51:33.240233 IP rtr-lulin.data.bg.domain > unknown.ddns.HomeLan.BG.1065: 42640 2/2/2 CNAME[|domain]
> 12:51:33.241378 IP mail.data.bg.domain > unknown.ddns.HomeLan.BG.1065: 42640 2/2/2 CNAME[|domain]
> 12:51:33.242773 IP unknown.ddns.HomeLan.BG > rtr-lulin.data.bg: icmp 36: time exceeded in-transit
> 12:51:33.243076 IP unknown.ddns.HomeLan.BG > mail.data.bg: icmp 36: time exceeded in-transit
>
> Here are the ipfw rules as well:
>
> f# ipfw list
> 00002 allow ip from any to any via rl0
> 00003 allow ip from any to any via lo0
> 00100 divert 8668 ip from any to any in via tun0
> 00101 check-state
> 00120 skipto 500 udp from any to 195.149.255.139 dst-port 53 out via tun0 keep-state
> 00121 skipto 500 udp from any to 195.149.248.177 dst-port 53 out via tun0 keep-state
> 00125 skipto 500 tcp from any to any via tun0 setup keep-state
> 00130 skipto 500 icmp from any to any out via tun0 keep-state
> 00400 allow udp from 195.149.248.177 to any in keep-state
> 00420 allow tcp from any to me dst-port 80 in via tun0 setup limit src-addr 1
> 00500 divert 8668 ip from any to any out via tun0
> 00510 allow ip from any to any
> 65535 deny ip from any to any
>
> I can't imagine it being any more open than this.
>
>
> Here is the network configuration as well:
>
> f# ifconfig
> fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         options=8<VLAN_MTU>
>         inet6 fe80::20a:e4ff:fe41:adea%fxp0 prefixlen 64 scopeid 0x1
>         ether xx:xx:xx:xx:xx
>         media: Ethernet autoselect (100baseTX <full-duplex>)
>         status: active
> rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         options=8<VLAN_MTU>
>         inet 10.30.12.1 netmask 0xffffff00 broadcast 10.30.12.255
>         inet6 fe80::2c0:26ff:fe79:7d98%rl0 prefixlen 64 scopeid 0x2
>         ether 00:c0:26:79:7d:98
>         media: Ethernet autoselect (100baseTX <full-duplex>)
>         status: active
> plip0: flags=108810<POINTOPOINT,SIMPLEX,MULTICAST> mtu 1500
> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
>         inet 127.0.0.1 netmask 0xff000000
>         inet6 ::1 prefixlen 128
>         inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
> tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1492
>         inet 83.97.XX.XXX --> 195.149.255.142 netmask 0xffffff00
>         Opened by PID 195
>
> Routing table:
>
> f# netstat -r
> Routing tables
>
> Internet:
> Destination         Gateway             Flags  Refs  Use  Netif  Expire
> default             rtr3-lulin.data.bg  UGS       0  168  tun0
> 10.30.12/24         link#2              UC        0    0  rl0
> 10.30.12.3          00:0a:e4:41:ae:0b   UHLW      0  108  rl0    1091
> localhost           localhost           UH        0    0  lo0
> rtr3-lulin.data.bg  unknown             UH        1   36  tun0
>
>
> f# cat /etc/rc.conf
>
> # -- sysinstall generated deltas -- # Wed Jun 15 23:11:25 2005
> # Created: Wed Jun 15 23:11:25 2005
> # Enable network daemons for user convenience.
> # Please make all changes to this file, not to /etc/defaults/rc.conf.
> # This file now contains just the overrides from /etc/defaults/rc.conf.
> #REMOVED: ifconfig_fxp0="inet 192.168.0.35 netmask 255.255.255.0"
> #REMOVED: usbd_enable="YES"
> #defaultrouter="192.168.0.1"
> gateway_enable="YES"
> hostname="bivol.ddns.homelan.bg"
> ifconfig_fxp0="inet 192.168.x.xx netmask 255.255.255.0"
> ifconfig_rl0="inet 10.30.12.1 netmask 255.255.255.0"
> linux_enable="YES"
> sshd_enable="YES"
> usbd_enable="NO"
> ppp_enable="YES"
> ppp_mode="ddial"
> #ppp_nat="YES"
> ppp_profile="hl1"
> firewall_enable="YES"
> firewall_type="open"
> natd_enable="YES"
> natd_interface="tun0"
> natd_flags="-dynamic -m"
>
>
> TCPDUMP:
>
> 12:51:26.240092 IP unknown.ddns.HomeLan.BG > mail.data.bg: icmp 36: time exceeded in-transit
> 12:51:27.116457 IP rtr-lulin.data.bg.domain > unknown.ddns.HomeLan.BG.1066: 22679 NXDomain 0/1/0 (122)
> 12:51:27.117588 IP mail.data.bg.domain > unknown.ddns.HomeLan.BG.1066: 22679 NXDomain 0/1/0 (122)
> 12:51:27.118985 IP unknown.ddns.HomeLan.BG > rtr-lulin.data.bg: icmp 36: time exceeded in-transit
> 12:51:27.119299 IP unknown.ddns.HomeLan.BG > mail.data.bg: icmp 36: time exceeded in-transit
> 12:51:27.233741 IP unknown.ddns.HomeLan.BG.1065 > rtr-lulin.data.bg.domain: 42640+ A? newsrss.bbc.co.uk. (35)
> 12:51:27.238243 IP rtr-lulin.data.bg.domain > unknown.ddns.HomeLan.BG.1065: 42640 2/2/2 CNAME[|domain]
> 12:51:27.239554 IP unknown.ddns.HomeLan.BG > rtr-lulin.data.bg: icmp 36: time exceeded in-transit
> 12:51:29.234803 IP unknown.ddns.HomeLan.BG.1065 > rtr-lulin.data.bg.domain: 42640+ A? newsrss.bbc.co.uk. (35)
> 12:51:29.235163 IP unknown.ddns.HomeLan.BG.1065 > mail.data.bg.domain: 42640+ A? newsrss.bbc.co.uk. (35)
> 12:51:29.243392 IP rtr-lulin.data.bg.domain > unknown.ddns.HomeLan.BG.1065: 42640 2/2/2 CNAME[|domain]
> 12:51:29.244190 IP mail.data.bg.domain > unknown.ddns.HomeLan.BG.1065: 42640 2/2/2 CNAME[|domain]
> 12:51:29.245603 IP unknown.ddns.HomeLan.BG > rtr-lulin.data.bg: icmp 36: time exceeded in-transit
> 12:51:29.245905 IP unknown.ddns.HomeLan.BG > mail.data.bg: icmp 36: time exceeded in-transit
> 12:51:33.235947 IP unknown.ddns.HomeLan.BG.1065 > rtr-lulin.data.bg.domain: 42640+ A? newsrss.bbc.co.uk. (35)
> 12:51:33.237839 IP unknown.ddns.HomeLan.BG.1065 > mail.data.bg.domain: 42640+ A? newsrss.bbc.co.uk. (35)
> 12:51:33.240233 IP rtr-lulin.data.bg.domain > unknown.ddns.HomeLan.BG.1065: 42640 2/2/2 CNAME[|domain]
> 12:51:33.241378 IP mail.data.bg.domain > unknown.ddns.HomeLan.BG.1065: 42640 2/2/2 CNAME[|domain]
> 12:51:33.242773 IP unknown.ddns.HomeLan.BG > rtr-lulin.data.bg: icmp 36: time exceeded in-transit
> 12:51:33.243076 IP unknown.ddns.HomeLan.BG > mail.data.bg: icmp 36: time exceeded in-transit
> ^C
> 79 packets captured
> 79 packets received by filter
> 0 packets dropped by kernel
> f# tcpdump -i tun0
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on tun0, link-type NULL (BSD loopback), capture size 96 bytes
> 12:53:45.129486 IP unknown.ddns.HomeLan.BG.1066 > rtr-lulin.data.bg.domain: 39058+ A? it.slashdot.org. (33)
> 12:53:45.129854 IP unknown.ddns.HomeLan.BG.1066 > mail.data.bg.domain: 39058+ A? it.slashdot.org. (33)
> 12:53:45.135620 IP rtr-lulin.data.bg.domain > unknown.ddns.HomeLan.BG.1066: 39058 1/5/5 A star.slashdot.org (238)
> 12:53:45.136805 IP mail.data.bg.domain > unknown.ddns.HomeLan.BG.1066: 39058 1/5/5 A star.slashdot.org (238)
> 12:53:45.139168 IP unknown.ddns.HomeLan.BG > rtr-lulin.data.bg: icmp 36: time exceeded in-transit
> 12:53:45.139502 IP unknown.ddns.HomeLan.BG > mail.data.bg: icmp 36: time exceeded in-transit
> 12:53:45.321043 IP unknown.ddns.HomeLan.BG.51985 > rtr-lulin.data.bg.domain: 44355+ PTR? 139.255.149.195.in-addr.arpa. (46)
> 12:53:45.325618 IP rtr-lulin.data.bg.domain > unknown.ddns.HomeLan.BG.51985: 44355 1/7/11 PTR[|domain]
> 12:53:45.330726 IP unknown.ddns.HomeLan.BG.50079 > rtr-lulin.data.bg.domain: 44356+ PTR? 141.31.97.83.in-addr.arpa. (43)
> 12:53:45.337158 IP rtr-lulin.data.bg.domain > unknown.ddns.HomeLan.BG.50079: 44356 1/2/2 (177)
> 12:53:45.341953 IP unknown.ddns.HomeLan.BG.54720 > rtr-lulin.data.bg.domain: 44357+ PTR? 177.248.149.195.in-addr.arpa. (46)
> 12:53:45.346612 IP rtr-lulin.data.bg.domain > unknown.ddns.HomeLan.BG.54720: 44357 1/3/3 PTR[|domain]
> 12:53:45.351294 IP unknown.ddns.HomeLan.BG.65222 > rtr-lulin.data.bg.domain: 44358+ PTR? 151.250.35.66.in-addr.arpa. (44)
> 12:53:45.710193 IP rtr-lulin.data.bg.domain > unknown.ddns.HomeLan.BG.65222: 44358 2/2/2[|domain]
> 12:54:01.087425 IP unknown.ddns.HomeLan.BG.1066 > rtr-lulin.data.bg.domain: 12946+ A? it.slashdot.org. (33)
> 12:54:01.092699 IP rtr-lulin.data.bg.domain > unknown.ddns.HomeLan.BG.1066: 12946 1/5/5 A star.slashdot.org (238)
> 12:54:01.094003 IP unknown.ddns.HomeLan.BG > rtr-lulin.data.bg: icmp 36: time exceeded in-transit
> 12:54:02.087348 IP unknown.ddns.HomeLan.BG.1066 > mail.data.bg.domain: 12946+ A? it.slashdot.org. (33)
> 12:54:02.092405 IP mail.data.bg.domain > unknown.ddns.HomeLan.BG.1066: 12946 1/5/5 A star.slashdot.org (238)
> 12:54:02.093743 IP unknown.ddns.HomeLan.BG > mail.data.bg: icmp 36: time exceeded in-transit
> 12:54:03.087550 IP unknown.ddns.HomeLan.BG.1066 > rtr-lulin.data.bg.domain: 12946+ A? it.slashdot.org. (33)
> 12:54:03.092805 IP rtr-lulin.data.bg.domain > unknown.ddns.HomeLan.BG.1066: 12946 1/5/5 A star.slashdot.org (238)
> 12:54:03.094087 IP unknown.ddns.HomeLan.BG > rtr-lulin.data.bg: icmp 36: time exceeded in-transit
>
> I hope someone can help.
>
> Thanks in advance.
>
> Regards,
>
> Peter
>
>
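The symptom that the reply attributes to TTL=1 can be read straight from the quoted capture: a DNS answer arrives on tun0 and, about a millisecond later, the router sends "time exceeded in-transit" back to the same server, which is what a forwarding host does when the packet's TTL runs out at it. The Python sketch below is an added example, not part of the original messages; it flags that pairing in default (non-verbose) tcpdump text. The function names and the 10 ms window are assumptions, and SAMPLE is a constructed excerpt of lines copied from the capture above.

```python
import re

# hh:mm:ss.usec IP <src> > <dst>: <rest>, as printed by tcpdump without -v
LINE = re.compile(r"^(\d\d):(\d\d):(\d\d)\.(\d{6}) IP (\S+) > (\S+): (.*)$")

# Constructed excerpt: lines copied from the capture quoted in this thread.
SAMPLE = """\
12:51:27.233741 IP unknown.ddns.HomeLan.BG.1065 > rtr-lulin.data.bg.domain: 42640+ A? newsrss.bbc.co.uk. (35)
12:51:27.238243 IP rtr-lulin.data.bg.domain > unknown.ddns.HomeLan.BG.1065: 42640 2/2/2 CNAME[|domain]
12:51:27.239554 IP unknown.ddns.HomeLan.BG > rtr-lulin.data.bg: icmp 36: time exceeded in-transit
12:53:45.321043 IP unknown.ddns.HomeLan.BG.51985 > rtr-lulin.data.bg.domain: 44355+ PTR? 139.255.149.195.in-addr.arpa. (46)
12:53:45.325618 IP rtr-lulin.data.bg.domain > unknown.ddns.HomeLan.BG.51985: 44355 1/7/11 PTR[|domain]
"""

def parse(line):
    """Return (time_in_microseconds, src, dst, rest) or None for non-packet lines."""
    m = LINE.match(line.strip())
    if not m:
        return None
    h, mi, s, us, src, dst, rest = m.groups()
    t = ((int(h) * 60 + int(mi)) * 60 + int(s)) * 1_000_000 + int(us)
    return t, src, dst, rest

def ttl_expired_on_forward(text, window_us=10_000):
    """Pair each locally generated ICMP time-exceeded with the inbound packet
    from the same peer that arrived at most window_us earlier."""
    findings, seen = [], []
    for t, src, dst, rest in filter(None, map(parse, text.splitlines())):
        if "time exceeded in-transit" not in rest:
            seen.append((t, src, dst))
            continue
        local, peer = src, dst          # ICMP endpoints carry no port suffix
        for pt, psrc, pdst in reversed(seen):
            if t - pt > window_us:
                break
            # tcpdump prints UDP endpoints as host.port, so match on the host prefix
            if psrc.startswith(peer + ".") and pdst.startswith(local + "."):
                findings.append((peer, pdst, t - pt))
                break
    return findings

if __name__ == "__main__":
    for peer, endpoint, delay in ttl_expired_on_forward(SAMPLE):
        print(f"reply from {peer} to {endpoint} expired {delay} us after arrival")
```

Running tcpdump with -v on tun0 prints the ttl field of each packet, which confirms the value directly instead of inferring it from the ICMP errors.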