Problem with IP forwarding on OpenBSD

Tags: Linux
We are currently building two new servers as OpenBSD firewalls. During our testing, connectivity broke. We have disabled pf so it won't cause problems. In our ping tests we found the packets aren't getting forwarded. ipforwarding is set to 1. When we ran netstat -r we found it takes forever (more than ten minutes so far) to display the routes on the interfaces. From both sides we can ping into the far side of the firewall but not any devices on the same net as the far side of the firewall. Is there anyplace else where routing can get messed up? I'm reaching the point of doing a re-install but would like to know how this could happen. Thanks. rt
ASKED: September 6, 2005  7:40 PM
UPDATED: September 14, 2005  4:15 PM

Answer Wiki


What does netstat -nr show? If it comes up right away, you most likely have a reverse DNS issue.

Discuss This Question: 4  Replies

  • Astronomer
    Thanks for the response. We rebuilt the box from scratch. Now we seem to have connectivity. One thing we noticed is netstat -r takes forever to execute on the BSD 3.7 system, even after we rebuilt it. Is this normal? On the existing system running 3.5 it executes immediately. The old system is an obsolete gateway workstation. The new boxes are Dell 1850 servers. We haven't configured DNS and all rules are based on IP. We have static routes pointing to the external router as default and the PIX as the route to our internal net. This worked well for BSD 3.5 although we have had hardware reliability issues with the old workstations. rt
  • This213
    If the machine's not coming back with its own routes immediately (or almost immediately), there's a problem somewhere. You mentioned you were building this as a firewall; I would assume your rules are to dump anything you don't explicitly allow. Have you allowed localhost (127.0.0.1) traffic? What happens if you apply your ruleset to one of the other boxes? As a side note, I believe that disabling pf still does not open your system up; try "iptables -L" to make sure.
  • Astronomer
    During our connectivity tests we have pf disabled. iptables isn't a part of OpenBSD. When I run netstat -r, it takes about 19 minutes to display the IPv4 routes. default, loopback, and localhost happen immediately. In our tests, we haven't tried anything requiring another hop yet, but pings to adjacent systems don't seem to be a problem. Thanks. rt
  • Astronomer
    I think I figured out the netstat issue. On our test lab we aren't running DNS. When I ran netstat -rn the table scrolled by immediately. I believe the system was trying to find DNS names for the addresses in the route table. Thanks for the responses. Now all I have to figure out is why one of our Linux test boxes will ping out but doesn't respond to pings (even after changing the hardware and rebuilding from scratch). This was the source of much confusion during our connectivity tests. rt
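
Added example, not posted by anyone in this thread: a Python sketch that takes `netstat -rn` output and times a reverse (PTR) lookup for each host address in it, to show which route entries make the name-resolving `netstat -r` stall. The sample routing table is constructed, the function names are hypothetical, and the resolver is a parameter so the check can also run without DNS.

```python
import ipaddress
import socket
import time

# Constructed sample of `netstat -rn` output; the addresses are documentation ranges.
SAMPLE = """\
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use    Mtu  Interface
default            192.0.2.1          UGS         0      120      -  em0
127.0.0.1          127.0.0.1          UH          0        0  33224  lo0
192.0.2/24         link#1             UC          0        0      -  em0
10.10.0/16         198.51.100.2       UGS         0       14      -  em1
"""

def route_addresses(netstat_rn_output):
    """Return the unique IPv4 host addresses in the Destination/Gateway columns."""
    found = []
    for line in netstat_rn_output.splitlines():
        for field in line.split()[:2]:
            try:
                addr = str(ipaddress.IPv4Address(field))
            except ValueError:
                continue  # headers, "default", "link#1", network entries like 192.0.2/24
            if addr not in found:
                found.append(addr)
    return found

def time_reverse_lookups(addresses, resolver=socket.gethostbyaddr, slow_after=2.0):
    """Time one PTR lookup per address; return (addr, name_or_None, seconds, slow)."""
    results = []
    for addr in addresses:
        start = time.monotonic()
        try:
            name = resolver(addr)[0]
        except OSError:  # socket.herror/gaierror: no PTR record or no server answered
            name = None
        elapsed = time.monotonic() - start
        results.append((addr, name, elapsed, elapsed >= slow_after))
    return results

if __name__ == "__main__":
    for addr, name, secs, slow in time_reverse_lookups(route_addresses(SAMPLE)):
        print(f"{addr:15} {name or '-':30} {secs:6.2f}s {'SLOW' if slow else ''}")
```

Entries flagged SLOW are the ones where the resolver waited for a DNS server that never answered, which is the delay that `-n` avoids.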
