Router

Well I have a problem and I try everything but I failed.

I have a freebsd box with two nic.
first nic 10.0.0.50 is connected to the adsl modem 10.0.0.2
second nic 192.168.0.50 is connected to a swith and the switch
is connected to a windows pc 192.168.0.200
Now, everything is working great, the pc can talk to the freebsd
box, but I want for the windows pc to talk to the adsl modem and
I failed to do that, the windows pc is 192.168.0.200 and the adsl
modem is 10.0.0.2 but the freebsd is between them so what can
I do at the freebsd box so 192.168.0.200 can talk to 10.0.0.2

Note:
windows pc 192.168.0.200 can ping the first nic 10.0.0.50
windows pc 192.168.0.200 can ping the second nic 192.168.0.50

Please help, I'm going crazy.

I guess you didn't tell the freebsd box yet that it is router now?

Configuration:

Enable without rebooting:


hth,
M.

I have gateway_enable="YES" in my rc.conf
What else can be the problem, please help.

The default gateway on the windows box must be set to 192.168.0.50.

Firewall settings on any of your machines could be a problem too.

Make a traceroute from the windows pc to an IP on the internet and see where it stops.

M.

The IP of the gateway on the windows box is set to 192.168.0.50.
The windows box can access the internet with no problem.

The system is freebsd 5.3

I have another box with a fresh install and with no firewall and the same problem.

The trace route:

]Tracing route to www.google.akadns.net [64.233.161.104
ver a maximum of 30 hops

1 1 ms 1 ms <10 ms 192.168.0.50
]2 22 ms 65 ms 34 ms lo0.lns04.tlv.nv.net.il [212.143.208.131
]3 39 ms 97 ms 40 ms vl101.lnslb01.tlv.nv.net.il [212.143.208.126
]4 45 ms 30 ms 25 ms gi1-0.core2.tlv.nv.net.il [212.143.10.66
]5 125 ms 109 ms 110 ms pos2-6.brdr1.lnd.nv.net.il [212.143.12.3
]6 197 ms 229 ms 204 ms ge9-1.br02.ldn01.pccwbtn.net [63.218.52.13
7 181 ms 233 ms 189 ms 195.66.224.125
8 237 ms 231 ms 219 ms 216.239.47.133
9 199 ms 201 ms 199 ms 216.239.46.137
10 207 ms 202 ms 197 ms 216.239.46.34
11 221 ms 215 ms 203 ms 216.239.47.156
12 245 ms 206 ms 201 ms 216.239.48.190
13 228 ms 184 ms 183 ms 64.233.161.104

.Trace complete
4

Trace complete.

Maybe it was a problem on the first box, but the problem is on the second box too.

My rc.conf on the first box:
defaultrouter="192.168.0.100"
gateway_enable="YES"
hostname="ns.dipdns.org"
ifconfig_xl0="inet 192.168.0.50 netmask 255.255.255.0"
ifconfig_fxp0="inet 10.0.0.50 netmask 255.0.0.0"
sshd_enable="YES"
sendmail_enable="NONE"
ldconfig_paths="/usr/lib/compat /usr/X11R6/lib /usr/local/lib /usr/local/mysql/lib/mysql"
syslogd_flags="-s -l /var/chroot/named/dev/log"
linux_enable="YES"
#
ipfilter_enable="YES"
ipnat_enable="YES"
#
ppp_enable="YES"
ppp_mode="ddial"
ppp_profile="myisp"
ppp_nat="NO"



Note:
defaultrouter="192.168.0.100"
was the gateway when I install the box, now the gateway of the box is the ppp.

More trace route:
C:\WINDOWS>tracert 192.168.0.50

Tracing route to 192.168.0.50 over a maximum of 30 hops

1 <10 ms <10 ms <10 ms 192.168.0.50

.Trace complete

C:\WINDOWS>tracert 10.0.0.50

Tracing route to 10.0.0.50 over a maximum of 30 hops

1 1 ms 1 ms 1 ms 10.0.0.50

.Trace complete

>C:\WINDOWS
S>

C:\WINDOWS>tracert 10.0.0.2

Tracing route to 10.0.0.2 over a maximum of 30 hops

1 <10 ms 1 ms 1 ms 192.168.0.50
.2 * * * Request timed out
.3 * * * Request timed out
.4 * * * Request timed out
.5 * * * Request timed out
.6 * * * Request timed out
.7 * * * Request timed out
.8 * * * Request timed out
* * 9

* *

Did you replace the default kernel or did you enable the packet filter maybe?


Why and how was this IP chosen? And what is the IP of the ADSL "modem"?
(If it is a 192.168.0.* too, you would have to change the other subnet to 192.168.1.*)

M.

Some more things I noticed:

You DID enable the packet filter.


Sorry, didn't see this the first time. The windows box is working? I don't get it. On which box(es) did you run which traceroute? What was it again that does NOT work?

Yes, I replace the default kernel.
192.168.0.100 was anouther box that is now offline, it was conected to the internet
so I used it as a gateway because I install the freebsd box over the net.
IP of the adsl modem is 10.0.0.2
The windows box is working great, it can access the internet.
The trace route was made on the windows box.
The only problem is that the windows box can't access (ping) the adsl modem

Note:
ns# netstat -nr
Routing tables

Internet:
Destination Gateway Flags Refs Use Netif Expire
default 212.143.208.131 UGS 0 1761993 tun0
10 link#1 UC 0 0 fxp0
127.0.0.1 127.0.0.1 UH 0 12 lo0
192.168.0 link#2 UC 0 0 xl0
192.168.0.50 00:10:5a:73:0d:30 UHLW 0 227 lo0
192.168.0.200 00:80:ad:78:19:5a UHLW 0 6790 xl0 1106
192.168.0.201 00:60:97:7f:42:8f UHLW 0 1746124 xl0 929
212.143.208.131 212.143.147.149 UH 1 0 tun0

The ADSL modem has its own IP, but still you setup PPP on the router? Sorry, I still don't understand

Wait... This is the problem!

You can access the internet because NAT is done BEFORE routing.
But when you try to access 10.0.0.2, it is being routed via the ethernet device, not to the ppp, thus the packet is sent into nirvana.

You assigned an IP to the ethernet device pointing to your ADSL modem. But the IP is in the same subnet as the PPPOE connection. This can't work. You are confusing the routing algorithms. You would have to setup very complicated routes for such a "special" setup, but this is not what you need here anyway.

Remove the IP "10.0.0.50". This should be all about it.

hth,
M.

How should I remove the IP?

Remove it from rc.conf. It is a line similar to this:
ifconfig_vr0="inet ....

The suffix (vr0 here) is driver dependent.

hth,
M.

O.K. I remove ifconfig_fxp0="inet 10.0.0.50 netmask 255.0.0.0"
and reboot, the box can connect to the internet (I'm suprise that it can connect to
the adsl modem without having the nic an ip address) but I still can't ping/access the
adsl modem from the windows pc.

I'm sure that sysctl net.inet.ip.forwarding=1 is set and working
because I can access the internet, I set it to 0 and the internet isn't working so I
set it to 1 again.

Now I can't ping the adsl modem from the bsd box.
There is no route:
ns# netstat -nr
Routing tables

Internet:
Destination Gateway Flags Refs Use Netif Expire
default 212.143.205.166 UGS 0 39657 tun0
127.0.0.1 127.0.0.1 UH 0 12 lo0
192.168.0 link#2 UC 0 0 xl0
192.168.0.50 00:10:5a:73:0d:30 UHLW 0 36 lo0
192.168.0.200 00:80:ad:78:19:5a UHLW 0 1185 xl0 871
192.168.0.201 00:60:97:7f:42:8f UHLW 0 34726 xl0 967
212.143.205.166 212.143.147.149 UH 1 0 tun0




This is my kernel config, maybe I forget something:
machine i386
cpu I586_CPU
ident nskernel

#To statically compile in device wiring instead of /boot/device.hints
#hints "GENERIC.hints" #Default places to look for devices.

#makeoptions DEBUG=-g #Build kernel with gdb(1) debug symbols

options IPDIVERT #divert sockets
options IPFILTER # IPFilter support
options IPFILTER_LOG # IPFilter logging support
#options IPFILTER_DEFAULT_BLOCK # Block all packets by default

options NETGRAPH
options NETGRAPH_ETHER
options NETGRAPH_PPPOE
options NETGRAPH_SOCKET

options BRIDGE

options IPFIREWALL_VERBOSE #enable logging to syslogd(8)
options IPFIREWALL_VERBOSE_LIMIT=100 #limit verbosity
options IPFIREWALL_DEFAULT_TO_ACCEPT
options IPFIREWALL
options DUMMYNET
options HZ=1000
options IPSTEALTH #support for stealth forwarding

options QUOTA

options SCHED_4BSD #4BSD scheduler
options INET #InterNETworking
options INET6 #IPv6 communications protocols
options FFS #Berkeley Fast Filesystem
options SOFTUPDATES #Enable FFS soft updates support
options UFS_ACL #Support for access control lists
options UFS_DIRHASH #Improve performance on big directories
options MD_ROOT #MD is a potential root device
options NFSCLIENT #Network Filesystem Client
options NFSSERVER #Network Filesystem Server
options NFS_ROOT #NFS usable as /, requires NFSCLIENT
options MSDOSFS #MSDOS Filesystem
options CD9660 #ISO 9660 Filesystem
options PROCFS #Process filesystem (requires PSEUDOFS)
options PSEUDOFS #Pseudo-filesystem framework
options COMPAT_43 #Compatible with BSD 4.3 [KEEP THIS!]
options COMPAT_FREEBSD4 #Compatible with FreeBSD4
options SCSI_DELAY=15000 #Delay (in ms) before probing SCSI
options KTRACE #ktrace(1) support
options SYSVSHM #SYSV-style shared memory
options SYSVMSG #SYSV-style message queues
options SYSVSEM #SYSV-style semaphores
options _KPOSIX_PRIORITY_SCHEDULING #Posix P1003_1B real-time extensions
options KBD_INSTALL_CDEV # install a CDEV entry in /dev
options AHC_REG_PRETTY_PRINT # Print register bitfields in debug
# output. Adds ~128k to driver.
options AHD_REG_PRETTY_PRINT # Print register bitfields in debug
# output. Adds ~215k to driver.

# Debugging for use in -current
#options DDB #Enable the kernel debugger
#options INVARIANTS #Enable calls of extra sanity checking
options INVARIANT_SUPPORT #Extra sanity checks of internal structures, required by INVARIANTS
#options WITNESS #Enable checks to detect deadlocks and cycles
#options WITNESS_SKIPSPIN #Don't run witness on spinlocks for speed

# To make an SMP kernel, the next two are needed
options SMP # Symmetric MultiProcessor Kernel
device apic # I/O APIC

device isa
device pci

# Floppy drives
device fdc

# ATA and ATAPI devices
device ata
device atadisk # ATA disk drives
device ataraid # ATA RAID drives
device atapicd # ATAPI CDROM drives
device atapifd # ATAPI floppy drives
device atapist # ATAPI tape drives
options ATA_STATIC_ID #Static device numbering

# atkbdc0 controls both the keyboard and the PS/2 mouse
device atkbdc # AT keyboard controller
device atkbd # AT keyboard
device psm # PS/2 mouse

device vga # VGA video card driver
device agp # support several AGP chipsets

device splash # Splash screen and screen saver support

# syscons is the default console driver, resembling an SCO console
device sc


# Floating point support - do not disable.
device npx

# Power management support (see NOTES for more options)
#device apm
# Add suspend/resume support for the i8254.
device pmtimer


# Serial (COM) ports
device sio # 8250, 16[45]50 based serial ports

# Parallel port
device ppc
device ppbus # Parallel port bus (required)
device lpt # Printer
device plip # TCP/IP over parallel
device ppi # Parallel port interface device
#device vpo # Requires scbus and da

# PCI Ethernet NICs.
device de # DEC/Intel DC21x4x (``Tulip'')
device em # Intel PRO/1000 adapter Gigabit Ethernet Card
device txp # 3Com 3cR990 (``Typhoon'')
device vx # 3Com 3c590, 3c595 (``Vortex'')

# PCI Ethernet NICs that use the common MII bus controller code.
# NOTE: Be sure to keep the 'device miibus' line in order to use these NICs!
device miibus # MII bus support
device bfe # Broadcom BCM440x 10/100 ethernet
device bge # Broadcom BCM570xx Gigabit Ethernet
device dc # DEC/Intel 21143 and various workalikes
device fxp # Intel EtherExpress PRO/100B (82557, 82558)
device pcn # AMD Am79C97x PCI 10/100 (precedence over 'lnc')
device re # RealTek 8139C+/8169/8169S/8110S
device rl # RealTek 8129/8139
device sf # Adaptec AIC-6915 (``Starfire'')
device sis # Silicon Integrated Systems SiS 900/SiS 7016
device sk # SysKonnect SK-984x and SK-982x gigabit ethernet
device ste # Sundance ST201 (D-Link DFE-550TX)
device ti # Alteon Networks Tigon I/II gigabit ethernet
device tl # Texas Instruments ThunderLAN
device tx # SMC EtherPower II (83c170 ``EPIC'')
device vr # VIA Rhine, Rhine II
device wb # Winbond W89C840F
device xl # 3Com 3c90x (``Boomerang'', ``Cyclone'')

# Pseudo devices - the number indicates how many units to allocate.
device random # Entropy device
device loop # Network loopback
device ether # Ethernet support
device sl # Kernel SLIP
device ppp # Kernel PPP
device tun # Packet tunnel.
device pty # Pseudo-ttys (telnet etc)
device md # Memory "disks"
device gif # IPv6 and IPv4 tunneling
device faith # IPv6-to-IPv4 relaying (translation)
device gre # IP over IP tunneling


# The `bpf' device enables the Berkeley Packet Filter.
# Be aware of the administrative consequences of enabling this!
device bpf # Berkeley packet filter

# The system memory devices; /dev/mem, /dev/kmem
device mem

The ADSL modem works without an IP because PPPoE is PPPoverEthernet. IP is a level above ethernet and not needed therefore.

I guess there is some kind of misunderstanding here. Why do you think your ADSL modem's IP is 10.0.0.2?

Your ADSL modem address is 212.143.205.166, not 10.0.0.2.

hth,
M.