Weird situation

Andrew Seguin asegu at borgtech.ca
Sun Jan 23 14:27:02 PST 2005


Here I am again, experimenting with FreeBSD on the network.

My last questions here helped me get a firewall to help our network.

Now, I have a test setup in a virtual environment… but I have a problem.
(why else would I be writing here then?). At the moment I have no clue what
to even look up on Google or the archives (so all I’ve been able to do at
the moment is experiment).

The problem: traffic is flowing through one way, not back, through a test
environment.

The setup:

Main connection:
Router -> [vlan0][fxp1] firewall (production) [fxp0][vlan1] -> managed
switch, cuts off the vlan tag.

From the switch -> secondary switch -> {FreeBSD test firewall -> FreeBSD
test server}

The two servers between '{' and '}' are running inside Virtual PC on a
Windows 2000 server (the best I could make up for a "lab"). They were built
by linking the test firewall's de0 to the physical NIC, and its de1 to a
"Microsoft loopback adapter", as is de0 of the test server.

Problem:
Pings from the test server at the end of the chain to the router don't come
back all the way.

Tests to date:
I've been using tcpdump -i {interface} "host {test_ip}" at each stage.
At the main firewall, tcpdump shows both request and reply, no problem.
On the win2k server, ethereal shows both request and reply, no problem.
On the test firewall, I see only the outgoing ICMP ping request.
At all points, the TTL seems fine (still 255 when captured by the win2k
server).

So I wondered, is virtual PC not sending the packet along?
But the freebsd firewall server can ping the router no problem.

What about the communication between the two freebsd servers?
Ping works with no problem at all.


The test firewall is as open as I can make it; it is built with the same kernel
configuration as the production firewall, and it is enabled in rc.conf with type
OPEN.


I'm not sure I know what to do about this problem at the moment, and
therefore ask if anybody knows what I could do about it?

Writing allll this down, I had a crazy idea that depresses me... what if
Virtual PC is not respecting the PROMISC mode of the virtual network card
and then the test server is not seeing traffic not specifically meant for
it... :(  Can anybody confirm or give any suggestions?

 


