
Troubleshooting IPNAT



I'm trying to troubleshoot my first IP NAT setup, specifically I need to figure out if my (stock installation) OpenBSD gateway is the problem, or if it's the Linux box behind it that is the problem. I'm quite new at both OSes, so it's likely a combination of both; I'm hoping that you can help me with the OpenBSD portion.

The OpenBSD box connects successfully to the Internet via PPPoE, and the Internet services I've allowed in IPF, when invoked from OpenBSD, work fine. I can also SSH to the Linux box successfully, and vice versa (I'm using /etc/hosts ... no need for anything more complicated than that).

However, strange things happen when I attempt to use one of the allowed Internet services from my Linux box. For example,

[LinuxBox]$ nslookup www.news.com
Server:  LinuxBox
Address:  0.0.0.0

*** LinuxBox can't find www.news.com: No response from server

OK, so it doesn't know where to look for a DNS server, which is a problem for another day. But when I specify a nameserver to use:

[LinuxBox]$ nslookup www.news.com 198.235.216.111
*** Can't find server name for address 198.235.216.111: No response from server
*** Default servers are not available

Indeed, doing a `tcpdump -i tun0` on the OpenBSD gateway, I see a bunch of packets going from the OpenBSD gateway to the nameserver, but none coming back (as would be expected if I did an `nslookup www.news.com` from the OpenBSD gateway).

Is there a misconfiguration on the OpenBSD side of things? It would seem so, but I'm not sure what to fix.

IP forwarding, IPF, and IP NAT are all turned on. In fact, everything's set up as per http://www.openbsd.org/faq/faq6.html except that nameservers are not specified in /etc/resolv.conf (they're provided to me automagically by the ISP) and /etc/mygate is not set.

Here's the output of `netstat -rn`, where dc0 is the internally-facing NIC, tun0 is running on dc1, 192.168.0.1 is the OpenBSD gateway, and 192.168.0.2 is the Linux box.

Internet:
Destination        Gateway            Flags     Refs     Use    Mtu  Interface
default            64.229.171.1       UGS         1      243   1488  tun0
64.229.171.1       64.229.171.4       UH          1        0   1500  tun0
64.229.171.4       127.0.0.1          UH          0        0  32972  lo0
127/8              127.0.0.1          UGRS        0        0  32972  lo0
127.0.0.1          127.0.0.1          UH          2        0  32972  lo0
192.168.0/24       link#1             UC          0        0   1500  dc0
192.168.0.1        127.0.0.1          UGHS        0        0  32972  lo0
192.168.0.2        0:20:78:1c:80:2    UHL         1     1060   1500  dc0
224/4              127.0.0.1          URS         1       14  32972  lo0

For the curious, here's the same for the Linux box:

Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.0.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U         0 0          0 lo
0.0.0.0         192.168.0.1     0.0.0.0         UG        0 0          0 eth0
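The tcpdump check described in the post (watch tun0, see the query leave, see nothing come back) can be made systematic by capturing on both interfaces at once (`tcpdump -ni dc0 port 53` and `tcpdump -ni tun0 port 53`) and correlating the two traces per query. The script below is an added example, not code from the post or from OpenBSD/IPFilter; it assumes the line shape tcpdump prints in the post, takes the inside network and the tun0 address from the netstat output above, and the four constructed sample lines per interface stand in for real captures. For each query that leaves a LAN host it reports whether the packet left tun0 with the gateway's address (ipnat translated it), left with its private source (the map rule did not match), never left at all, was answered but the answer was never handed back on dc0 (an ipf inbound rule or a missing NAT session), or simply got no answer upstream. That last case is what the post's tcpdump shows; because bpf taps inbound packets at the driver before ipf sees them, an answer that never appears on tun0 was never delivered to the gateway at all, so the NAT rule is not what to look at for that query.

```python
import re

# Line shape of the tcpdump output quoted in the post, e.g.
#   "12:00:00.000001 64.229.171.4.1025 > 198.235.216.111.53: 1+ A? www.news.com. (30)"
LINE_RE = re.compile(
    r"^\S+\s+(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+)\s+>\s+"
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+):"
)

INSIDE_NET = "192.168.0."     # LAN on dc0, from the post
EXTERNAL_IP = "64.229.171.4"  # tun0 address, from the netstat -rn output in the post

VERDICTS = {
    "ok":                 "query translated, answered and returned to the client",
    "not-translated":     "query left tun0 with its private source: ipnat map rule did not match (check ipnat -l)",
    "not-forwarded":      "query seen on dc0 but never left tun0: check net.inet.ip.forwarding and ipf 'out' rules",
    "no-upstream-reply":  "NAT looks right; the server or upstream path never answered (bpf sees inbound before ipf)",
    "reply-not-returned": "answer reached tun0 but was not sent back on dc0: ipf 'in' rule or missing ipnat session",
}

def parse(lines):
    """Extract (src, sport, dst, dport) from each tcpdump line; lines that don't match are skipped."""
    pkts = []
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            pkts.append((m["src"], int(m["sport"]), m["dst"], int(m["dport"])))
    return pkts

def diagnose(dc0_lines, tun0_lines, dport=53):
    """Map every inside-host query seen on dc0 to one of the VERDICTS keys."""
    dc0, tun0 = parse(dc0_lines), parse(tun0_lines)
    report = {}
    for client, cport, server, dp in dc0:
        if not (client.startswith(INSIDE_NET) and dp == dport):
            continue  # only outbound queries from the LAN are flows we trace
        key = f"{client}:{cport}->{server}:{dport}"
        # A portmap rule may rewrite the source port, so outbound matching uses addresses only.
        left_nated = any(s == EXTERNAL_IP and d == server and p == dport for s, _, d, p in tun0)
        left_leaked = any(s == client and d == server and p == dport for s, _, d, p in tun0)
        back_tun0 = any(s == server and sp == dport and d == EXTERNAL_IP for s, sp, d, _ in tun0)
        back_dc0 = any(s == server and sp == dport and d == client and p == cport
                       for s, sp, d, p in dc0)
        if back_dc0:
            verdict = "ok"
        elif left_leaked:
            verdict = "not-translated"
        elif not left_nated:
            verdict = "not-forwarded"
        elif not back_tun0:
            verdict = "no-upstream-reply"
        else:
            verdict = "reply-not-returned"
        report[key] = verdict
    return report

# Constructed sample captures (not real traffic). Port 1025 reproduces the post's symptom,
# 1026 is a flow that works end to end, 1027 shows a query that escaped untranslated.
DC0_SAMPLE = [
    "12:00:00.000001 192.168.0.2.1025 > 198.235.216.111.53: 1+ A? www.news.com. (30)",
    "12:00:00.000002 192.168.0.2.1026 > 192.0.2.53.53: 2+ A? www.example.com. (33)",
    "12:00:00.120000 192.0.2.53.53 > 192.168.0.2.1026: 2 1/0/0 A 192.0.2.80 (49)",
    "12:00:00.000003 192.168.0.2.1027 > 192.0.2.54.53: 3+ A? www.example.net. (33)",
]
TUN0_SAMPLE = [
    "12:00:00.000010 64.229.171.4.1025 > 198.235.216.111.53: 1+ A? www.news.com. (30)",
    "12:00:00.000011 64.229.171.4.1026 > 192.0.2.53.53: 2+ A? www.example.com. (33)",
    "12:00:00.110000 192.0.2.53.53 > 64.229.171.4.1026: 2 1/0/0 A 192.0.2.80 (49)",
    "12:00:00.000012 192.168.0.2.1027 > 192.0.2.54.53: 3+ A? www.example.net. (33)",
]

if __name__ == "__main__":
    for flow, verdict in diagnose(DC0_SAMPLE, TUN0_SAMPLE).items():
        print(f"{flow}: {verdict} - {VERDICTS[verdict]}")
```

Run it against two real captures by reading each file with `open(...).readlines()` in place of the sample lists; use `-n` on tcpdump so addresses are not resolved to names, since the parser expects dotted quads. The outbound match deliberately ignores the source port so a `portmap` rule that rewrites ports is still recognised as a successful translation.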



