Debian Client / OpenBSD NAT Very Strange Problem. A hand would be appreciated, at least to understand the problem! I am lost.
Hello:
I must apologize for the crossposting, but I am not sure whether the problem
is in the OpenBSD or the Debian Box. Let me explain. (I am posting to
OpenBSD list and the Debian also)
I would like to make this clear before proceding. I have READ THE
DOCUMENTATION. I printed 200 pages of FAQ's/pppoe/obsd as a gateway and many
other stuff.
with that in mind...
Scenario:
- 4 Clients -> 3 Win9x. 1 Linux Debian Sid/2.4.2 not patched.
- 1 Firewall NAT. WAS RedHat 6.1. Now it's OpenBSD 2.8 (GENERIC)
- 1 adsl connection made through pppoe out of the box. (In the RedHat box i
downloaded the latest version).
- The Server has 2 well recognized RTL8129.
- Workstations are spread across 3 hubs (because two of them are 35 meters
away the server).
Situtaion 1: Sunday Morning.
- RedHat 6.1 running ip_masquerade / some ipchains rules / Samba as PDC /
Apache 1.3.14 / Sendmail 8.x / Bind 8.x / pppoe
- Everything worked Perfect. (yeah, i have had no damn major problems). But
ANYWAY I decided to replace redhat with OpenBSD.
Don't ask why. =)
Situation 2: Today.
- OpenBSD 2.8 (GENERIC) running all but pppoe (which I configured thanks to
the faq someone here pointed me to).
- rl0: 10.0.0.1 255.255.0.0 media 10baseT (i've tried 100baseTX, same
problem).
- rl1: 192.168.9.1 255.255.255.0 same media. (fake ip i gave to the iface)
- rl0 is connected to a hub and that is the internal lan...
- rl1 is connected to adsl suscriber via crossover cable. (and it works
ok... i can assure it)
- All Cables are supposed to work ok (they are brand new and were working
saturday evening, prior to installation)
Ok. OpenBSD connects through ppp -ddial pppoe and it works OK. even when it
says that tun0 does not support ipv6... something like that. But it connects
and I have access to internet. It stays connected.
Problems:
a) I have some ipnat.rules -> map tun0 xxxxxx
But when the Computer Boots tun0 does not exist yet. Because the ppp -ddial
pppoe is exectued at the end of rc.local
So I receive some error messages indicating error in ipnat.rules regarding
tun0... (this is not too important)
b) More important. Whether being connected or not, if I ping any of the
internal computers i get 85% packet loss (or even more). I changed Hub and
Cables and there is no improve.
If I ping (always from the Obsd box) an external host, the adsl is fine.
Now, it sounds like it's an Internal Problem? Keep Reading...
As I've said, I have changed hubs, and a lot of network stuff,
disconnecting every hub, etc. with no success...
c) Someting strange: I was testing from obsd to debian only (on the same
hub) because it was too late and I had no access to the other
workstations... This morning i pinged from a win9x laptop a few hubs away
and it seemed to work ok, even when the 'nat' response was horrible. I was
able to enter www.openbsd.org after 2 minutes... and a few timeouts from
IExplorer, but after insisting 4 or 5 times... i got ther. Even when the
Ping running was <10ms, i wasn't able to surf nor do anything else fast.
This is getting more strange.
d) I decided to do something. I only have One crossover cable, so I
unplugged the adsl suscriber, and connected the obsd box with the debian box
directly (without hub) and the ping was, again, <10ms!!! no packet loss.
Excellent.
e) I though then, ok, the cables are wrong, the hub, something. I removed
EVERYTHING and put a new hub/cables, reconnected the crossover to the
suscriber and .. again, 85-90% loss... amazing.
Since I was tired I didn't do more tests. The Debian Box as well as the
win98 box have 10.0.0.xxx /255.255.0.0 ip addresses. If I set up in obsd the
rl1 (External) with a 10.0.0.x ip i will get an ifconfig: SCIOCADDR error..
(in use or something like that). And in linux was like that because it made
an ifconfig eth1 down before proceeding. Seems like obsd does not. But that
is a matter of no importance.
Now, my problem seems to be on the obsd? or the debian? Is it nat? is it the
NIC?
Any idea will be appreciated, because I am lost with this problem. I have
also (I forgot to mention) changed the mtu-mru to 1492 as the help
suggests.. but I am not sure whether this is being changed or not.
Ideas? Comments? Bugs? Kill Myself?
Thanks in advance.
Martin Marconcini.
ps: If there is anything it might help you to help me, please let me know, a
dmesg? a config? (I haven't changed anything far from the defaults and what
the readme/faq says...)
Martin Marconcini
Departamento de Sistemas
www.circuloasegurador.com
José Andrés Pacheco de Melo 2945, Piso 1 Oficina 6
Buenos Aires - ARGENTINA (C1425AUK)
Phone: +54 (11) 4807-7666
Este mensaje es estrictamente confidencial. Puede contener informacion
amparada y protegida por el secreto profesional. Si usted ha recibido este
e-mail por error, por favor comuniquese inmediatamente via e-mail a
?atencion@circuloasegurador.com" o al número telefónico +54 (11) 4807-7666 y
eliminelo de su sistema. Este mensaje no puede ser copiado ni divulgado su
contenido a ninguna persona.
This message is strictly confidential. It may also be privileged or
otherwise protected by work product immunity or other legal rules. If you
have received it by mistake please let us know by reply or to
"atencion@circuloasegurador.com" or to the telephone number +54 (11)
4807-7666 and then delete it from your system. You should not copy the
message or disclose its contents to anyone.
____________________________________________
Reply to: