Re: problems with networking and route command
In freebsd-questions Digest, Vol 415, Issue 6, Message: 1
On Fri, 18 May 2012 08:07:16 -0400 David Banning david+dated+1337774837.907...@skytracker.ca wrote:

>>> It is machines that connect and receive via DHCP 192.168.1.2 and above that can't connect to the internet through the server. I don't know a whole lot about route - I have been attempting a variation of route commands without success.
>>
>> [Chuck Swiger wrote:]
>> You need to implement NAT on this box, since 192.168.0.0/16 is an RFC-1918 unrouteable private network range.
>
> I previously connected to the internet using ppp with the -nat option and now my connection has changed - so that makes sense. So I implemented natd. Unfortunately natd does not work as yet. I followed the setup as laid out in man natd and also used the layout in;
>
> http://www.freebsddiary.org/ipfw.php

I've since seen Derek's response in the archives (I get the digests) at http://lists.freebsd.org/pipermail/freebsd-questions/2012-May/241035.html and I agree that 1998 is far too old to be of much use. I differ however about advisability of referring to the Handbook IPFW page, which frankly sucks - the only section of the Handbook that does, that I know of; you will find ipfw(8) and /etc/rc.firewall to be much better friends.

> Here is my natd setup
>
> 1. Compiled IPFIREWALL IPDIVERT into my kernel - went fine.

Didn't need to, both will load from modules from the /etc/rc.d scripts. Many these days prefer to use in-kernel NAT (firewall_nat_enable=YES) instead, but natd still works as ever; you can always switch later.

> Here is my rc.conf network related entries;
>
> natd_enable="YES"
> natd_interface="rl0"
> natd_flags="-f /etc/natd.conf"
> gateway_enable="YES"
> ifconfig_rl0="inet 64.40.244.36 netmask 255.255.255.240"
> defaultrouter="64.40.244.33"
> ifconfig_vr0="DHCP"
> ifconfig_vr0="up"
> ifconfig_vr0="inet 192.168.1.1"

Only the last ifconfig_vr0 counts, but that's ok, DHCP is for clients, not where vr0 gets its address from, right? Ah, you fix that below ..

> network_interfaces="rl0 vr0 lo0"
> ifconfig_lo0="inet 127.0.0.1"
> firewall_enable="YES"
> firewall_script="/etc/firewall.rules"
> firewall_type="simple"
> firewall_logging="YES"

firewall_type only applies where firewall_script=/etc/rc.firewall, however that would be ignored by your custom /etc/firewall.rules.

> dhcpd_ifaces="vr0"
> dhcpd_enable="YES"
>
> My firewall rules;
>
> ipfw add 64000 allow ip from any to any
> ipfw add divert natd all from any to any via rl0
> ipfw add allow tcp from any to 192.168.2.1 139
> ipfw add allow tcp from any to 192.168.1.1 139

That won't work; after specifying the current rule as 64000, subsequent unnumbered rules will be placed at 64100, 64200 etc - so they will never be reached. If you put that 'allow all' at the end that would work, although a default policy of 'deny all' is very much safer.

> ipfw add 6000 deny tcp from any to 64.40.244.36 139
> ipfw add 6010 deny tcp from any to 64.40.244.36 445

These two will now be the first rules encountered, being so numbered. You'll also want to deny an awful lot more than NETBIOS packets to your outside address, see below.

> ipfw add deny tcp from any to any 139

And that will go at the end, again after everything has been allowed. Always use 'ipfw list' or 'ipfw show' to check your running ruleset.

I would seriously advise you to consider using the rc.firewall 'simple' ruleset, at least as a basis, for a setup like yours. It's designed specifically to protect small networks, and particularly to place the NAT rules in just the right place between inbound and outbound anti-spoofing rules.

See /etc/defaults/rc.conf for the variables you can set that should work more or less out of the box, though you may want to modify rc.firewall (or better, a copy of it, say rc.myfirewall) if you need to add any particular rules for specific services you need. It will also protect your IPv6 network, if that's relevant to you.

> My /etc/natd.conf;
>
> interface rl0
> use_sockets yes
> same_ports yes

Should be ok. You already have natd_interface=rl0 in rc.conf. Consider 'unregistered_only yes', particularly if not using the anti-spoofing rules provided in rc.firewall 'simple'.

> My /etc/services includes the line;
>
> natd 8668/divert # Network Address Translation socket
>
> Output of ifconfig;
>
> # ifconfig
> fwe0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
>         ether 02:11:d8:b3:0e:43
>         ch 1 dma -1
> vr0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         inet 192.168.1.1 netmask 0xff00 broadcast 192.168.1.255
>         inet6 fe80::16d6:4dff:fe47:88ae%vr0 prefixlen 64 scopeid 0x2
>         ether 14:d6:4d:47:88:ae
>         media: Ethernet autoselect (100baseTX full-duplex)
>         status: active
> rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         inet 64.40.244.36 netmask 0xfff0 broadcast 64.40.244.47
>         inet6
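
The numbering behaviour described in the reply above, as an added example that is not part of the original messages: a small Python model of ipfw's auto-numbering (step 100) and first-match evaluation, run over the posted rules and over the same rules with the catch-all moved last. The two sample packets, the reduced matching (protocol, destination, port, interface only) and the deny-by-default last rule are assumptions of the model.

```python
# Added example: model of ipfw(8) rule numbering and first-match evaluation.
from dataclasses import dataclass
from typing import Optional

AUTOINC_STEP = 100     # ipfw default for net.inet.ip.fw.autoinc_step
DEFAULT_RULE = 65535   # built-in last rule; assumed here to be "deny"

# The rules exactly as posted, in the order the script adds them.
POSTED = """\
ipfw add 64000 allow ip from any to any
ipfw add divert natd all from any to any via rl0
ipfw add allow tcp from any to 192.168.2.1 139
ipfw add allow tcp from any to 192.168.1.1 139
ipfw add 6000 deny tcp from any to 64.40.244.36 139
ipfw add 6010 deny tcp from any to 64.40.244.36 445
ipfw add deny tcp from any to any 139
""".splitlines()

# Same rules with the catch-all moved to the end, as the reply suggests.
REORDERED = POSTED[1:] + POSTED[:1]

@dataclass
class Rule:
    number: Optional[int]
    action: str
    proto: str
    dst: str
    dport: Optional[int]
    via: Optional[str]

def parse(line):
    """Parse the subset of ipfw syntax used in the thread."""
    tok = line.split()[2:]                      # drop "ipfw add"
    number = int(tok.pop(0)) if tok[0].isdigit() else None
    action = tok.pop(0)
    if action == "divert":
        tok.pop(0)                              # divert port name ("natd")
    proto = tok.pop(0)
    dst, *rest = tok[tok.index("to") + 1:]      # DST [PORT] [via IF]
    dport = int(rest.pop(0)) if rest and rest[0].isdigit() else None
    via = rest[1] if rest[:1] == ["via"] else None
    return Rule(number, action, proto, dst, dport, via)

def load(lines):
    """Number rules the way ipfw does and return them in evaluation order."""
    rules = []
    for line in lines:
        rule = parse(line)
        if rule.number is None:
            # Unnumbered rules go after the highest rule added so far.
            highest = max((r.number for r in rules), default=0)
            rule.number = highest + AUTOINC_STEP
        rules.append(rule)
    return sorted(rules, key=lambda r: r.number)   # stable sort

def matches(rule, pkt):
    return (rule.proto in ("ip", "all", pkt["proto"])
            and rule.dst in ("any", pkt["dst"])
            and rule.dport in (None, pkt["dport"])
            and rule.via in (None, pkt["via"]))

def evaluate(rules, pkt):
    """Return (verdict, deciding rule number, whether natd saw the packet)."""
    diverted = False
    for rule in rules:
        if not matches(rule, pkt):
            continue
        if rule.action != "divert":
            return rule.action, rule.number, diverted
        diverted = True     # natd rewrites it; the search resumes at the next rule
    return "deny", DEFAULT_RULE, diverted

# Constructed packets: a LAN client browsing out via rl0, and NETBIOS on vr0.
WEB = {"proto": "tcp", "dst": "203.0.113.10", "dport": 80, "via": "rl0"}
SMB = {"proto": "tcp", "dst": "192.168.1.50", "dport": 139, "via": "vr0"}

if __name__ == "__main__":
    for name, lines in (("posted", POSTED), ("reordered", REORDERED)):
        rules = load(lines)
        print(name, [r.number for r in rules], evaluate(rules, WEB), evaluate(rules, SMB))
```

With the posted order the web packet is accepted by rule 64000 before the divert rule at 64100 is ever consulted, so it leaves rl0 with its private source address.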
Re: problems with networking and route command
At 07:07 AM 5/18/2012, David Banning wrote:

>>> It is machines that connect and receive via DHCP 192.168.1.2 and above that can't connect to the internet through the server. I don't know a whole lot about route - I have been attempting a variation of route commands without success.
>>
>> You need to implement NAT on this box, since 192.168.0.0/16 is an RFC-1918 unrouteable private network range.
>
> I previously connected to the internet using ppp with the -nat option and now my connection has changed - so that makes sense. So I implemented natd. Unfortunately natd does not work as yet. I followed the setup as laid out in man natd and also used the layout in;
>
> http://www.freebsddiary.org/ipfw.php
>
> Here is my natd setup
>
> 1. Compiled IPFIREWALL IPDIVERT into my kernel - went fine.
>
> Here is my rc.conf network related entries;
>
> natd_enable="YES"
> natd_interface="rl0"
> natd_flags="-f /etc/natd.conf"
> gateway_enable="YES"
> ifconfig_rl0="inet 64.40.244.36 netmask 255.255.255.240"
> defaultrouter="64.40.244.33"
> ifconfig_vr0="DHCP"
> ifconfig_vr0="up"
> ifconfig_vr0="inet 192.168.1.1"
> network_interfaces="rl0 vr0 lo0"
> ifconfig_lo0="inet 127.0.0.1"
> firewall_enable="YES"
> firewall_script="/etc/firewall.rules"
> firewall_type="simple"
> firewall_logging="YES"
> dhcpd_ifaces="vr0"
> dhcpd_enable="YES"
>
> My firewall rules;
>
> ipfw add 64000 allow ip from any to any
> ipfw add divert natd all from any to any via rl0
> ipfw add allow tcp from any to 192.168.2.1 139
> ipfw add allow tcp from any to 192.168.1.1 139
> ipfw add 6000 deny tcp from any to 64.40.244.36 139
> ipfw add 6010 deny tcp from any to 64.40.244.36 445
> ipfw add deny tcp from any to any 139
>
> My /etc/natd.conf;
>
> interface rl0
> use_sockets yes
> same_ports yes
>
> My /etc/services includes the line;
>
> natd 8668/divert # Network Address Translation socket
>
> Output of ifconfig;
>
> # ifconfig
> fwe0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
>         ether 02:11:d8:b3:0e:43
>         ch 1 dma -1
> vr0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         inet 192.168.1.1 netmask 0xff00 broadcast 192.168.1.255
>         inet6 fe80::16d6:4dff:fe47:88ae%vr0 prefixlen 64 scopeid 0x2
>         ether 14:d6:4d:47:88:ae
>         media: Ethernet autoselect (100baseTX full-duplex)
>         status: active
> rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         inet 64.40.244.36 netmask 0xfff0 broadcast 64.40.244.47
>         inet6 fe80::211:95ff:fe66:7162%rl0 prefixlen 64 scopeid 0x3
>         ether 00:11:95:66:71:62
>         media: Ethernet autoselect (100baseTX full-duplex)
>         status: active
> lp0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> mtu 1500
> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
>         inet6 ::1 prefixlen 128
>         inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
>         inet 127.0.0.1 netmask 0xff00
> ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
> sl0: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 552
> faith0: flags=8002<BROADCAST,MULTICAST> mtu 1500
>
> From my initial communication I have swapped the uses of the two network cards - which explains the reversal of entries for devices vr0 and rl0. Still I have server connection to the internet on rl0 and server connection to the network on vr0 - but the network cannot connect to the internet via rl0.
>
> If there are any commands that would help collect information leading to the answer I would appreciate any feedback.

Try using the examples here:
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-ipfw.html

That freebsddiary article is very old, and many versions ago.

Essentially you need to forward the packets from your NAT'd private interface over to the interface on the internet. You can try this using an open firewall, sending all packets to test the setup. Then add rules to lock it down to only the ports you want to allow.

-Derek

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: problems with networking and route command
>> It is machines that connect and receive via DHCP 192.168.1.2 and above that can't connect to the internet through the server. I don't know a whole lot about route - I have been attempting a variation of route commands without success.
>
> You need to implement NAT on this box, since 192.168.0.0/16 is an RFC-1918 unrouteable private network range.

I previously connected to the internet using ppp with the -nat option and now my connection has changed - so that makes sense. So I implemented natd. Unfortunately natd does not work as yet. I followed the setup as laid out in man natd and also used the layout in;

http://www.freebsddiary.org/ipfw.php

Here is my natd setup

1. Compiled IPFIREWALL IPDIVERT into my kernel - went fine.

Here is my rc.conf network related entries;

natd_enable="YES"
natd_interface="rl0"
natd_flags="-f /etc/natd.conf"
gateway_enable="YES"
ifconfig_rl0="inet 64.40.244.36 netmask 255.255.255.240"
defaultrouter="64.40.244.33"
ifconfig_vr0="DHCP"
ifconfig_vr0="up"
ifconfig_vr0="inet 192.168.1.1"
network_interfaces="rl0 vr0 lo0"
ifconfig_lo0="inet 127.0.0.1"
firewall_enable="YES"
firewall_script="/etc/firewall.rules"
firewall_type="simple"
firewall_logging="YES"
dhcpd_ifaces="vr0"
dhcpd_enable="YES"

My firewall rules;

ipfw add 64000 allow ip from any to any
ipfw add divert natd all from any to any via rl0
ipfw add allow tcp from any to 192.168.2.1 139
ipfw add allow tcp from any to 192.168.1.1 139
ipfw add 6000 deny tcp from any to 64.40.244.36 139
ipfw add 6010 deny tcp from any to 64.40.244.36 445
ipfw add deny tcp from any to any 139

My /etc/natd.conf;

interface rl0
use_sockets yes
same_ports yes

My /etc/services includes the line;

natd 8668/divert # Network Address Translation socket

Output of ifconfig;

# ifconfig
fwe0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
        ether 02:11:d8:b3:0e:43
        ch 1 dma -1
vr0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.168.1.1 netmask 0xff00 broadcast 192.168.1.255
        inet6 fe80::16d6:4dff:fe47:88ae%vr0 prefixlen 64 scopeid 0x2
        ether 14:d6:4d:47:88:ae
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 64.40.244.36 netmask 0xfff0 broadcast 64.40.244.47
        inet6 fe80::211:95ff:fe66:7162%rl0 prefixlen 64 scopeid 0x3
        ether 00:11:95:66:71:62
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
lp0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
        inet 127.0.0.1 netmask 0xff00
ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
sl0: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 552
faith0: flags=8002<BROADCAST,MULTICAST> mtu 1500

From my initial communication I have swapped the uses of the two network cards - which explains the reversal of entries for devices vr0 and rl0. Still I have server connection to the internet on rl0 and server connection to the network on vr0 - but the network cannot connect to the internet via rl0.

If there are any commands that would help collect information leading to the answer I would appreciate any feedback.
Re: problems with networking and route command
Hi--

On May 16, 2012, at 1:08 PM, David Banning wrote:
[ ... ]
> It is machines that connect and receive via DHCP 192.168.1.2 and above that can't connect to the internet through the server. I don't know a whole lot about route - I have been attempting a variation of route commands without success.

You need to implement NAT on this box, since 192.168.0.0/16 is an RFC-1918 unrouteable private network range.

Regards,
--
-Chuck
Re: problems with networking...
Michael Hawkins [EMAIL PROTECTED] wrote:

> oops, sorry about the -m, lack of sleep and all
>
> /etc/rc.conf:
> amd_enable=YES
> hostname=[Removed]
> ifconfig_vr0=DHCP
> inetd_enable=YES
> rpcbind_enable=YES
> sshd_enable=YES
> usbd_enable=YES
>
> #netstat -rn
> Routing tables
>
> Internet:
> Destination        Gateway            Flags    Refs      Use  Netif Expire
> default            10.11.12.254       UGS         0       24    vr0
> 10.11.12/24        link#1             UC          0        0    vr0
> 10.11.12.254       ff:ff:ff:ff:ff:ff  UHLWb       2       37    vr0
> 127.0.0.1          127.0.0.1          UH          0        8    lo0
>
> ..for some reason I don't think that MAC addy of all f's is a good thing, but this is the first I've seen of it..

No, it's not. The output of arp -an might be helpful to this, but I suspect you've got an underlying network issue.

Also (for the second time) keep the mailing list in the loop. In particular, I'll be leaving shortly and won't have access to email for several days.

> On 8/18/07, Bill Moran [EMAIL PROTECTED] wrote:
>> [Please keep the mailing list in the CC]
>>
>> Michael Hawkins [EMAIL PROTECTED] wrote:
>>> Certainly. Here it is:
>>>
>>> #ifconfig -a
>>> vr0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>>>         inet 10.11.12.253 netmask 0xff00 broadcast 10.11.12.254
>>
>> That's really strange. Your broadcast address should be 10.11.12.255. It's quite likely that this is part of your problem, but I can't imagine how you could have arrived at this configuration. What is in /etc/rc.conf?
>>
>>>         ether [MAC ADDRESS REMOVED]
>>>         media: Ethernet autoselect (100baseTX full-duplex)
>>>         statusL active
>>> plip0: flags=108810<POINTOPOINT,SIMPLEX,MULTICAST,NEEDSGIANT> mtu 1500
>>> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
>>>         inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
>>>         inet6 ::1 prefixlen 128
>>>         inet 127.0.0.1 netmask 0xff00
>>>
>>> #netstat -m
>>> 65/205/270 mbufs in use (current/cache/total)
>>> 64/134/198/25600 mbuf clusters in use (current/cache/total/max)
>>> 0/128 mbuf+clusters out of packet secondary zone in use (current/cache)
>>> 0/0/0/0 4k (page size) jumbo clisters in use (current/cache/total/max)
>>> 0/0/0/0 9k jumbo clusters in use (current/cache/total/max)
>>> 0/0/0/0 16k jumbo clusters in use (current/cache/total/max)
>>> 144k/319k/463k bytes allocated to network (current/cache/total)
>>> 0/0/0 requests for mbufs denied (mbufs/clusters/mbuf+clusters)
>>> 0/0/0 requests for jumbo clusters denied (4k/9k/16k)
>>> 0/4/6656 sfbufs in use (current/peak/max)
>>> 0 requests for sfbufs denied
>>> 0 requests for sfbufs delayed
>>> 0 requests for I/O initiated by sendfile
>>> 0 calls to protocol drain routines
>>
>> That's netstat -rn, not -m. Unfortunately, the -m doesn't tell me what I'm looking for, which is your routing table.
>>
>> I'm wondering if your ipnat rules are awry. Please provide the ifconfig, routing table, and nat rules from the router machine.
>>
>>> ...again, this is straight out of a fresh install (which I did because I had the exact same problem with the last install).
>>
>> Well, obviously, you did it the same both times, and are getting the same result.
>>
>>> On 8/18/07, Bill Moran [EMAIL PROTECTED] wrote:
>>>> Michael Hawkins [EMAIL PROTECTED] wrote:
>>>>> Sorry if this is sorta n00bish, but I have a problem that Google hasn't answered for me yet...
>>>>>
>>>>> I have a moderately-sized network that I am trying to run, with about 70 or so machines on it. The DHCP server (running FreeBSD 6.2, IPv4 address: 10.11.12.254, Subnet is 10.11.12.0/24) acts as a gateway server as well, and has ipnat running for traffic routing. So far, I have had no problems with ANY of the machines on this network connecting, save one--my File server (running FreeBSD 6.2 as well, IPv4 address: 10.11.12.253). For some reason, whenever I try to establish any connection to ANY network address (on any protocol), it will only connect to one address: 10.11.12.252 (and won't connect to anything when that machine is off). Here is a ping listing:
>>>>>
>>>>> #ping 10.11.12.254
>>>>> PING 10.11.12.254 (10.11.12.254): 56 data bytes
>>>>> 64 bytes from 10.11.12.252: icmp_seq=0 ttl=64 time=0.852 ms
>>>>>
>>>>> ...and it continues precisely in that manner until I stop it.
>>>>>
>>>>> I have tried re-installing the OS on the file server, but with no change in results. I have removed the machine at 10.11.12.252 with the only change being that the file-server can obtain NO connection to ANY IP address. Any help would be appreciated.
>>>>
>>>> Why don't you cut/paste the output of ifconfig -a and netstat -rn
>>>> I suspect your network settings are incorrect.
>>>>
>>>> --
>>>> Bill Moran
>>>> Collaborative Fusion Inc.
>>>> [EMAIL PROTECTED]
>>>> Phone: 412-422-3463x4023
>>
>> --
>> Bill Moran
>> Collaborative Fusion Inc.
>> [EMAIL PROTECTED]
>> Phone: 412-422-3463x4023
Re: problems with networking...
#arp -an
? (10.11.12.254) at ff:ff:ff:ff:ff:ff on vr0 permanent [ethernet]

that's all. I have cleaned out the arp cache once already, but this came right back. I was curious if there was a way to correct this entry, or something...

On 8/19/07, Bill Moran [EMAIL PROTECTED] wrote:

> Michael Hawkins [EMAIL PROTECTED] wrote:
>> oops, sorry about the -m, lack of sleep and all
>>
>> /etc/rc.conf:
>> amd_enable=YES
>> hostname=[Removed]
>> ifconfig_vr0=DHCP
>> inetd_enable=YES
>> rpcbind_enable=YES
>> sshd_enable=YES
>> usbd_enable=YES
>>
>> #netstat -rn
>> Routing tables
>>
>> Internet:
>> Destination        Gateway            Flags    Refs      Use  Netif Expire
>> default            10.11.12.254       UGS         0       24    vr0
>> 10.11.12/24        link#1             UC          0        0    vr0
>> 10.11.12.254       ff:ff:ff:ff:ff:ff  UHLWb       2       37    vr0
>> 127.0.0.1          127.0.0.1          UH          0        8    lo0
>>
>> ..for some reason I don't think that MAC addy of all f's is a good thing, but this is the first I've seen of it..
>
> No, it's not. The output of arp -an might be helpful to this, but I suspect you've got an underlying network issue.
>
> Also (for the second time) keep the mailing list in the loop. In particular, I'll be leaving shortly and won't have access to email for several days.
>
>> On 8/18/07, Bill Moran [EMAIL PROTECTED] wrote:
>>> [Please keep the mailing list in the CC]
>>>
>>> Michael Hawkins [EMAIL PROTECTED] wrote:
>>>> Certainly. Here it is:
>>>>
>>>> #ifconfig -a
>>>> vr0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>>>>         inet 10.11.12.253 netmask 0xff00 broadcast 10.11.12.254
>>>
>>> That's really strange. Your broadcast address should be 10.11.12.255. It's quite likely that this is part of your problem, but I can't imagine how you could have arrived at this configuration. What is in /etc/rc.conf?
>>>
>>>>         ether [MAC ADDRESS REMOVED]
>>>>         media: Ethernet autoselect (100baseTX full-duplex)
>>>>         statusL active
>>>> plip0: flags=108810<POINTOPOINT,SIMPLEX,MULTICAST,NEEDSGIANT> mtu 1500
>>>> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
>>>>         inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
>>>>         inet6 ::1 prefixlen 128
>>>>         inet 127.0.0.1 netmask 0xff00
>>>>
>>>> #netstat -m
>>>> 65/205/270 mbufs in use (current/cache/total)
>>>> 64/134/198/25600 mbuf clusters in use (current/cache/total/max)
>>>> 0/128 mbuf+clusters out of packet secondary zone in use (current/cache)
>>>> 0/0/0/0 4k (page size) jumbo clisters in use (current/cache/total/max)
>>>> 0/0/0/0 9k jumbo clusters in use (current/cache/total/max)
>>>> 0/0/0/0 16k jumbo clusters in use (current/cache/total/max)
>>>> 144k/319k/463k bytes allocated to network (current/cache/total)
>>>> 0/0/0 requests for mbufs denied (mbufs/clusters/mbuf+clusters)
>>>> 0/0/0 requests for jumbo clusters denied (4k/9k/16k)
>>>> 0/4/6656 sfbufs in use (current/peak/max)
>>>> 0 requests for sfbufs denied
>>>> 0 requests for sfbufs delayed
>>>> 0 requests for I/O initiated by sendfile
>>>> 0 calls to protocol drain routines
>>>
>>> That's netstat -rn, not -m. Unfortunately, the -m doesn't tell me what I'm looking for, which is your routing table.
>>>
>>> I'm wondering if your ipnat rules are awry. Please provide the ifconfig, routing table, and nat rules from the router machine.
>>>
>>>> ...again, this is straight out of a fresh install (which I did because I had the exact same problem with the last install).
>>>
>>> Well, obviously, you did it the same both times, and are getting the same result.
>>>
>>>> On 8/18/07, Bill Moran [EMAIL PROTECTED] wrote:
>>>>> Michael Hawkins [EMAIL PROTECTED] wrote:
>>>>>> Sorry if this is sorta n00bish, but I have a problem that Google hasn't answered for me yet...
>>>>>>
>>>>>> I have a moderately-sized network that I am trying to run, with about 70 or so machines on it. The DHCP server (running FreeBSD 6.2, IPv4 address: 10.11.12.254, Subnet is 10.11.12.0/24) acts as a gateway server as well, and has ipnat running for traffic routing. So far, I have had no problems with ANY of the machines on this network connecting, save one--my File server (running FreeBSD 6.2 as well, IPv4 address: 10.11.12.253). For some reason, whenever I try to establish any connection to ANY network address (on any protocol), it will only connect to one address: 10.11.12.252 (and won't connect to anything when that machine is off). Here is a ping listing:
>>>>>>
>>>>>> #ping 10.11.12.254
>>>>>> PING 10.11.12.254 (10.11.12.254): 56 data bytes
>>>>>> 64 bytes from 10.11.12.252: icmp_seq=0 ttl=64 time=0.852 ms
>>>>>>
>>>>>> ...and it continues precisely in that manner until I stop it.
>>>>>>
>>>>>> I have tried re-installing the OS on the file server, but with no change in results. I have removed the machine at 10.11.12.252 with the only change being that the file-server can obtain NO connection to ANY IP address. Any help would be appreciated.
>>>>>
>>>>> Why don't you cut/paste the
Re: problems with networking...
[Please keep the mailing list in the CC]

Michael Hawkins [EMAIL PROTECTED] wrote:

> Certainly. Here it is:
>
> #ifconfig -a
> vr0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         inet 10.11.12.253 netmask 0xff00 broadcast 10.11.12.254

That's really strange. Your broadcast address should be 10.11.12.255. It's quite likely that this is part of your problem, but I can't imagine how you could have arrived at this configuration. What is in /etc/rc.conf?

>         ether [MAC ADDRESS REMOVED]
>         media: Ethernet autoselect (100baseTX full-duplex)
>         statusL active
> plip0: flags=108810<POINTOPOINT,SIMPLEX,MULTICAST,NEEDSGIANT> mtu 1500
> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
>         inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
>         inet6 ::1 prefixlen 128
>         inet 127.0.0.1 netmask 0xff00
>
> #netstat -m
> 65/205/270 mbufs in use (current/cache/total)
> 64/134/198/25600 mbuf clusters in use (current/cache/total/max)
> 0/128 mbuf+clusters out of packet secondary zone in use (current/cache)
> 0/0/0/0 4k (page size) jumbo clisters in use (current/cache/total/max)
> 0/0/0/0 9k jumbo clusters in use (current/cache/total/max)
> 0/0/0/0 16k jumbo clusters in use (current/cache/total/max)
> 144k/319k/463k bytes allocated to network (current/cache/total)
> 0/0/0 requests for mbufs denied (mbufs/clusters/mbuf+clusters)
> 0/0/0 requests for jumbo clusters denied (4k/9k/16k)
> 0/4/6656 sfbufs in use (current/peak/max)
> 0 requests for sfbufs denied
> 0 requests for sfbufs delayed
> 0 requests for I/O initiated by sendfile
> 0 calls to protocol drain routines

That's netstat -rn, not -m. Unfortunately, the -m doesn't tell me what I'm looking for, which is your routing table.

I'm wondering if your ipnat rules are awry. Please provide the ifconfig, routing table, and nat rules from the router machine.

> ...again, this is straight out of a fresh install (which I did because I had the exact same problem with the last install).

Well, obviously, you did it the same both times, and are getting the same result.

> On 8/18/07, Bill Moran [EMAIL PROTECTED] wrote:
>> Michael Hawkins [EMAIL PROTECTED] wrote:
>>> Sorry if this is sorta n00bish, but I have a problem that Google hasn't answered for me yet...
>>>
>>> I have a moderately-sized network that I am trying to run, with about 70 or so machines on it. The DHCP server (running FreeBSD 6.2, IPv4 address: 10.11.12.254, Subnet is 10.11.12.0/24) acts as a gateway server as well, and has ipnat running for traffic routing. So far, I have had no problems with ANY of the machines on this network connecting, save one--my File server (running FreeBSD 6.2 as well, IPv4 address: 10.11.12.253). For some reason, whenever I try to establish any connection to ANY network address (on any protocol), it will only connect to one address: 10.11.12.252 (and won't connect to anything when that machine is off). Here is a ping listing:
>>>
>>> #ping 10.11.12.254
>>> PING 10.11.12.254 (10.11.12.254): 56 data bytes
>>> 64 bytes from 10.11.12.252: icmp_seq=0 ttl=64 time=0.852 ms
>>>
>>> ...and it continues precisely in that manner until I stop it.
>>>
>>> I have tried re-installing the OS on the file server, but with no change in results. I have removed the machine at 10.11.12.252 with the only change being that the file-server can obtain NO connection to ANY IP address. Any help would be appreciated.
>>
>> Why don't you cut/paste the output of ifconfig -a and netstat -rn
>> I suspect your network settings are incorrect.
>>
>> --
>> Bill Moran
>> Collaborative Fusion Inc.
>> [EMAIL PROTECTED]
>> Phone: 412-422-3463x4023

--
Bill Moran
Collaborative Fusion Inc.
[EMAIL PROTECTED]
Phone: 412-422-3463x4023