I think I'm having a routing issue and would greatly appreciate any
feedback anyone might have.

I have two Linux boxes, both running an up-to-date CVS checkout of
coda.  The server has three interfaces, the external (eth0), the dmz
(eth2, 192.168.2.1), and the internal (eth1, 192.168.1.1).  When I
configured the coda server it picked up the IP of the internal
interface, 192.168.1.1.  I have three clients that need to access the
same server, one through each interface.  To make matters even more
fun, the DMZ and external clients will get access through a FreeS/WAN
VPN.

The client I am testing from is 192.168.2.11, accessing through the DMZ
interface, through IPSec.

I get about 10 copies of this error in SrvLog:
23:13:36 client_GetVenusId: got new host 192.168.2.11:32945
23:13:36 Building callback conn.
23:13:36 Callback message to 192.168.2.11 port 32945 failed RPC2_NOTCLIENT (F)
23:13:36 Worker1: Unbinding RPC connection 452227915

From what I can gather, these indicate the packets are not getting back
to the client, usually because of routing problems.

I have attached a tcpdump of udp traffic when these errors were
happening.  This definitely shows a schizophrenic mix of traffic
to/from 192.168.1.1 and 192.168.2.1.

This is the routing table on the server:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.2.11    192.168.2.11    255.255.255.255 UGH   0      0        0 ipsec2
192.168.2.10    192.168.2.10    255.255.255.255 UGH   0      0        0 ipsec2
external-ip     0.0.0.0         255.255.255.252 U     0      0        0 eth0
external-ip     0.0.0.0         255.255.255.252 U     0      0        0 ipsec0
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 eth2
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 ipsec2
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
0.0.0.0         external-ip     0.0.0.0         UG    0      0        0 eth0

I have masquerade set in the client's venus.conf, and I tried setting
ipaddress="192.168.2.1" in server.conf, but neither helped.

So, to try to debug I convinced the coda server it was really on the
DMZ IP (changed a couple entries in /vice to the hostname of the DMZ
interface).  I restarted coda on the server and bingo, everything
works.  This eliminates the VPN and the firewall as potential problems.

So, it is most definitely a routing issue, which I can fix for this one
client.  However, now all of my other clients are going to have the
same routing issue my test server was having.

Does anyone know how I can solve this so all three clients, accessing
through all three interfaces of the server, will work properly?

Thanks,
   Omen

-- 
Whom computers would destroy, they must first drive mad.
22:55:49.992724 192.168.2.11.32940 > 192.168.1.1.codasrv: udp 297 (DF)
22:55:49.996385 192.168.2.1.codasrv > 192.168.2.11.32940: udp 80 (DF)
22:55:49.996833 192.168.2.11.32940 > 192.168.1.1.codasrv: udp 116 (DF)
22:55:50.028372 192.168.2.1.codasrv > 192.168.2.11.32940: udp 292 (DF)
22:55:50.028760 192.168.2.11.32940 > 192.168.2.1.codasrv: udp 80 (DF)
22:55:50.031760 192.168.2.1.codasrv > 192.168.2.11.32940: udp 72 (DF)
22:55:50.032128 192.168.2.11.32940 > 192.168.2.1.codasrv: udp 60 (DF)
22:55:50.035117 192.168.2.1.codasrv > 192.168.2.11.32940: udp 60 (DF)
22:55:50.035960 192.168.2.11.32940 > 192.168.1.1.codasrv: udp 297 (DF)
22:55:50.039445 192.168.2.1.codasrv > 192.168.2.11.32940: udp 80 (DF)
22:55:50.039715 192.168.2.11.32940 > 192.168.1.1.codasrv: udp 116 (DF)
22:55:50.043075 192.168.2.1.codasrv > 192.168.2.11.32940: udp 292 (DF)
22:55:50.043380 192.168.2.11.32940 > 192.168.2.1.codasrv: udp 80 (DF)
22:55:50.046273 192.168.2.1.codasrv > 192.168.2.11.32940: udp 72 (DF)
22:55:50.046564 192.168.2.11.32940 > 192.168.2.1.codasrv: udp 60 (DF)
22:55:50.049393 192.168.2.1.codasrv > 192.168.2.11.32940: udp 60 (DF)
22:55:50.049944 192.168.2.11.32940 > 192.168.1.1.codasrv: udp 297 (DF)
22:55:50.053409 192.168.2.1.codasrv > 192.168.2.11.32940: udp 80 (DF)
22:55:50.053668 192.168.2.11.32940 > 192.168.1.1.codasrv: udp 116 (DF)
22:55:50.056973 192.168.2.1.codasrv > 192.168.2.11.32940: udp 292 (DF)
22:55:50.057234 192.168.2.11.32940 > 192.168.2.1.codasrv: udp 80 (DF)
22:55:50.060182 192.168.2.1.codasrv > 192.168.2.11.32940: udp 72 (DF)
22:55:50.061883 192.168.2.11.32940 > 192.168.2.1.codasrv: udp 60 (DF)
22:55:50.064899 192.168.2.1.codasrv > 192.168.2.11.32940: udp 60 (DF)
22:55:50.065778 192.168.2.11.32940 > 192.168.1.1.codasrv: udp 297 (DF)
22:55:50.069185 192.168.2.1.codasrv > 192.168.2.11.32940: udp 80 (DF)
22:55:50.069480 192.168.2.11.32940 > 192.168.1.1.codasrv: udp 116 (DF)
22:55:50.072864 192.168.2.1.codasrv > 192.168.2.11.32940: udp 292 (DF)
22:55:50.073206 192.168.2.11.32940 > 192.168.2.1.codasrv: udp 80 (DF)
22:55:50.076374 192.168.2.1.codasrv > 192.168.2.11.32940: udp 72 (DF)
22:55:50.076694 192.168.2.11.32940 > 192.168.2.1.codasrv: udp 60 (DF)
22:55:50.079616 192.168.2.1.codasrv > 192.168.2.11.32940: udp 60 (DF)
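
Added example, not part of the original post: a short Python script that reads tcpdump lines in the format of the capture above and lists every server reply whose source address differs from the address the client last sent to. The sample input is the first eight packets of that capture; the function names are this example's own.

```python
import re
from collections import Counter

# First eight packets of the capture in the post, copied verbatim.
SAMPLE = """\
22:55:49.992724 192.168.2.11.32940 > 192.168.1.1.codasrv: udp 297 (DF)
22:55:49.996385 192.168.2.1.codasrv > 192.168.2.11.32940: udp 80 (DF)
22:55:49.996833 192.168.2.11.32940 > 192.168.1.1.codasrv: udp 116 (DF)
22:55:50.028372 192.168.2.1.codasrv > 192.168.2.11.32940: udp 292 (DF)
22:55:50.028760 192.168.2.11.32940 > 192.168.2.1.codasrv: udp 80 (DF)
22:55:50.031760 192.168.2.1.codasrv > 192.168.2.11.32940: udp 72 (DF)
22:55:50.032128 192.168.2.11.32940 > 192.168.2.1.codasrv: udp 60 (DF)
22:55:50.035117 192.168.2.1.codasrv > 192.168.2.11.32940: udp 60 (DF)
"""

LINE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\S+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>[^:\s]+): udp (?P<len>\d+)")

def parse(text):
    """Yield one dict per tcpdump UDP line; lines that do not match are skipped."""
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            yield m.groupdict()

def reply_mismatches(text, service="codasrv"):
    """Return (timestamp, address_client_sent_to, address_reply_came_from) tuples."""
    last_dst = {}   # (client ip, client port) -> server address last addressed
    out = []
    for p in parse(text):
        if p["dport"] == service:            # client -> server
            last_dst[(p["src"], p["sport"])] = p["dst"]
        elif p["sport"] == service:          # server -> client
            asked = last_dst.get((p["dst"], p["dport"]))
            if asked and asked != p["src"]:
                out.append((p["ts"], asked, p["src"]))
    return out

def server_sources(text, service="codasrv"):
    """Count the source addresses the server used for its replies."""
    return Counter(p["src"] for p in parse(text) if p["sport"] == service)

if __name__ == "__main__":
    for ts, asked, got in reply_mismatches(SAMPLE):
        print(f"{ts}: client sent to {asked}, reply came from {got}")
    print("server reply sources:", dict(server_sources(SAMPLE)))
```

To check a full capture, pass the text of the tcpdump output to `reply_mismatches` in place of `SAMPLE`.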
