need routed configuration help

-DAL- dylan at newdream.net
Fri Jan 18 19:44:42 UTC 2002


On Tue, Jan 15, 2002 at 04:13:35PM -0800, Alex Melkomukov wrote:
> 
> Hello everyone.
> 
> 
> The OS is FreeBSD 4.4.  I did some digging and discovered that I needed to 
> enable 'routed' and create some static routes to the gateway IP outside of 
> the local network block to be able to reach the Internet.
> 
> I uncommented the
> 
>    defaultrouter="5.6.7.1"
> 
> entry (IP has been changed to protect parties involved) in the rc.conf file 
> and added the
> 
>    router_enable="YES"
> 
> entry.  I then added the following entries to the rc.local file:
> 
>    route add default -interface 1.2.3.100 -netmask 255.255.255.252
>    route add -net 5.6.7.1 -interface 1.2.3.100 -netmask 255.255.255.252
>    route add default 5.6.7.1
> 
> I came up with these routes by trial and error, and am not convinced that 
> these are the correct entries to use.
> 
> I can reach the Internet and the nameserver (which is also outside of the 
> local network block), and can ping and traceroute without any problems.
> 
> But,...  every once in a while certain programs start timing out and/or 
> take a really long time to respond (to the point of failure due to time-out 
> on the other end).  Some of these programs are telnet, ssh, ftp, radius.
> 
> Other programs/protocols (such as http traffic) do not display the same 
> behavior.
> 
> So, I am seeking advice on how to configure static routes correctly and/or 
> if some other issues may be causing this strange, intermittent behavior.
> 
> Please let me know if I implemented this incorrectly...
> 
> am
>   __________________________________________________________________
>   Alex Melkomukov                               amelkomukov at navi.net
>   Navi.Net                                       http://www.navi.net
>   618 NW Glisan St., Ste. 101                     voice 503-517-8866
>   Portland, OR  97209 USA                           fax 503-517-8868
>   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Alex,

If you can ping the outside world, and traceroutes etc. work just fine, my
guess would be you are seeing some kind of DNS related timeout.  Does
your IP space reverse resolve?  I.e. if you nslookup 1.2.3.100 does it
resolve to your host's domain name?  Does your forward lookup match your
reverse?

Connecting to hosts that use wrappers etc on their Telnet, SSH, FTP can
take forever if you don't have reverse entries.  This is because they
typically do a reverse lookup and forward lookup on your IP and DNS name
(respectively) and so if you don't have entries properly set up you have
to wait for their DNS queries to time out.  HTTP probably is fine because
it isn't normally wrapped, and may not do a reverse then forward look up
upon connect.

Last thing, you've got the static routes, no need to run the routing
daemon.  You can set router_enable="NO".

				regards, -DAL-

-- 
dylan at newdream.net
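
The reverse-then-forward lookup described in the reply above, as an added example that is not part of the original post: it classifies an address the way a wrapper-style check would and, when run from the command line, times each lookup so a slow or missing PTR record shows up. The function names are hypothetical, and the live lookups assume the system resolver.

```python
import socket

def reverse_lookup(ip):
    """PTR lookup through the system resolver; hostname or None."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:  # covers socket.herror and socket.gaierror
        return None

def forward_lookup(name):
    """A/AAAA lookup; set of address strings, empty on failure."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def fcrdns_check(ip, reverse=reverse_lookup, forward=forward_lookup):
    """Return (status, name) for the reverse-then-forward check.

    status is one of:
      no-ptr      no reverse entry (the case that makes servers wait)
      no-forward  PTR exists but the name does not resolve
      mismatch    name resolves, but not back to the same address
      ok          forward lookup matches reverse
    The resolver functions are parameters so the logic can be
    exercised with constructed data instead of live DNS.
    """
    name = reverse(ip)
    if not name:
        return ("no-ptr", None)
    addrs = forward(name)
    if not addrs:
        return ("no-forward", name)
    if ip not in addrs:
        return ("mismatch", name)
    return ("ok", name)

if __name__ == "__main__":
    import sys
    import time
    # Usage: python fcrdns.py 1.2.3.100 [more addresses...]
    for ip in sys.argv[1:]:
        start = time.monotonic()
        status, name = fcrdns_check(ip)
        elapsed = time.monotonic() - start
        print(f"{ip}: {status} name={name} ({elapsed:.1f}s)")
```

A long elapsed time with `no-ptr` corresponds to the delay the remote server sees while its own reverse query waits to time out.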




More information about the NANOG mailing list