
Troubleshooting IPNAT

I'm trying to troubleshoot my first IP NAT setup; specifically, I need to figure out if my (stock installation) OpenBSD gateway is the problem, or if it's the Linux box behind it that is the problem. I'm quite new at both OSes, so it's likely a combination of both; I'm hoping that you can help me with the OpenBSD portion.

The OpenBSD box connects successfully to the Internet via PPPOE, and the Internet services I've allowed in IPF, when invoked from OpenBSD, work fine. I can also SSH to the Linux box successfully, and vice versa (I'm using /etc/hosts ... no need for anything more complicated than that).

However, strange things happen when I attempt to use one of the allowed Internet services from my Linux box. For example,

[LinuxBox]$ nslookup www.news.com
Server:  LinuxBox

*** LinuxBox can't find www.news.com: No response from server

OK, so it doesn't know where to look for a DNS server, which is a problem for another day. But when I specify a nameserver to use:

[LinuxBox]$ nslookup www.news.com
*** Can't find server name for address No response from server
*** Default servers are not available

Indeed, doing a `tcpdump -i tun0` on the OpenBSD gateway, I see a bunch of packets going from the OpenBSD gateway to the nameserver, but none coming back (as would be expected if I did an `nslookup www.news.com` from the OpenBSD gateway).

Is there a misconfiguration on the OpenBSD side of things? It would seem so, but I'm not sure what to fix.

IP forwarding, IPF, and IP NAT are all turned on. In fact, everything's set up as per http://www.openbsd.org/faq/faq6.html except that nameservers are not specified in /etc/resolv.conf (they're provided to me automagically by the ISP) and /etc/mygate is not set.

Here's the output of `netstat -rn`, where dc0 is the internally-facing NIC, tun0 is running on dc1, is the OpenBSD gateway, and is the Linux box.

Destination        Gateway            Flags     Refs     Use    Mtu  Interface
default                               UGS         1      243   1488  tun0
                                      UH          1        0   1500  tun0
                                      UH          0        0  32972  lo0
127/8                                 UGRS        0        0  32972  lo0
                                      UH          2        0  32972  lo0
192.168.0/24       link#1             UC          0        0   1500  dc0
                                      UGHS        0        0  32972  lo0
                   0:20:78:1c:80:2    UHL         1     1060   1500  dc0
224/4                                 URS         1       14  32972  lo0

For the curious, here's the same for the Linux box:

Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
                                                U         0 0          0 eth0
                                                U         0 0          0 lo
                                                UG        0 0          0 eth0