Opened 7 years ago

Closed 7 years ago

#325 closed incident (worksforme)

Robijn ileiden-proxy: no internet for neighbours

Reported by: huub Owned by:
Keywords: Cc:
Location: Generic

Description

The Robijn-ileiden-proxy works occasionally, but most of the time it does not work for the neighbours. (VisitorCentre2 showed the same behaviour when there was still a link to vosko2.) The node software has been updated.

HybridUniGor1# traceroute www.nu.nl
traceroute: Warning: www.nu.nl has multiple addresses; using 62.69.174.75
traceroute to www-nu-nl.gl.sanomaservices.nl (62.69.174.75), 64 hops max, 40 byte packets

1 2hybridunigor1.hybridrobijn.wleiden.net (172.16.5.220) 1.869 ms 1.889 ms 1.497 ms
2 2hybridunigor1.hybridrobijn.wleiden.net (172.16.5.220) 1.801 ms 1.641 ms 1.588 ms

HybridUniGor1# fetch -o /dev/null http://www.nu.nl
/dev/null 100% of 81 kB 1077 kBps
HybridUniGor1# fetch -o /dev/null http://www.nu.nl
CC
HybridUniGor1# fetch -o /dev/null http://www.nu.nl
/dev/null 100% of 81 kB 360 kBps
HybridUniGor1# fetch -o /dev/null http://www.nu.nl
Cfetch: transfer interrupted

HybridUniGor1# fetch -o /dev/null http://www.nu.nl
CC
HybridUniGor1# fetch -o /dev/null http://www.nu.nl
/dev/null 100% of 81 kB 319 kBps
HybridUniGor1#
HybridUniGor1# fetch -o /dev/null http://www.nu.nl
Cfetch: transfer interrupted

HybridUniGor1# fetch -o /dev/null http://www.nu.nl
Cfetch: transfer interrupted

HybridUniGor1# traceroute www.nu.nl
traceroute: Warning: www.nu.nl has multiple addresses; using 62.69.174.78
traceroute to www-nu-nl.gl.sanomaservices.nl (62.69.174.78), 64 hops max, 40 byte packets

1 2hybridunigor1.hybridrobijn.wleiden.net (172.16.5.220) 1.794 ms 1.706 ms 1.493 ms
2 2hybridunigor1.hybridrobijn.wleiden.net (172.16.5.220) 2.042 ms 1.753 ms 1.553 ms

HybridUniGor1# fetch -o /dev/null http://www.nu.nl
CC
HybridUniGor1# fetch -o /dev/null http://www.nu.nl
/dev/null 100% of 81 kB 949 kBps
HybridUniGor1# fetch -o /dev/null http://www.nu.nl
Cfetch: transfer interrupted

Change History (1)

comment:1 Changed 7 years ago by huub

Resolution: worksforme
Status: new → closed

At Watertorens there is a comparable configuration, and there it does work. I tried the pf.hybrid.conf from watertoren2 at Robijn and now it works!
The difference between the 'standard' pf.conf and the 'watertoren2' pf.conf is shown below:
$ diff pf.hybrid.conf.vc1 pf.hybrid.conf.watertoren2
29,32c29,31
< ext_if="vr0"
< ext_ip="(vr0:0)"
< inet_if="vr0"
< inet_ip="(vr0:0)"
---

#ext_ip="(vr0:0)"
#ext_if="vr0"
ext_ip=$ext_if:0
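
Review bot: ext_ip=$ext_if:0 on the new side drops the parentheses that the old ext_ip="(vr0:0)" had, so pf resolves the address of vr0 once at ruleset load instead of tracking it. If vr0 gets its address dynamically, keep the parenthesised form or make sure the ruleset is reloaded whenever the address changes. The same line expands $ext_if while the only ext_if definition visible here is commented out, so the macro has to be defined above line 29 or the file will not load. inet_if and inet_ip disappear in this hunk too, so any $inet_if reference left anywhere in the file has to be renamed with them.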

57c56
< nat on $inet_if inet proto tcp from $wl_net to ! $wl_net port { $publicnat } -> ($inet_if)
---

nat on $ext_if inet proto tcp from $wl_net to ! $wl_net port { $publicnat } -> $ext_ip
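
Review bot: the translation target of the new nat rule changes from ($inet_if) to $ext_ip, and nothing in the file records why. ($inet_if) stands for the addresses configured on vr0, aliases included, and is re-evaluated when they change, while $ext_ip expands to vr0:0, which the :0 modifier limits to the primary address. Since both interface macros pointed at vr0, this is the only functional change in the rule; add a comment above it stating why the primary address is pinned, so that a later sync with the standard pf.hybrid.conf does not revert it.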

87d85
< block on $inet_if inet from any to !$wl_net
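
Review bot: block on $inet_if inet from any to !$wl_net is deleted outright rather than renamed to $ext_if like the rules around it, which loosens filtering on the internet-facing interface. Check that a default block policy earlier in the file still covers this traffic, or restore the rule as block on $ext_if and note in a comment if the removal is intentional.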
102c100
< pass out on $inet_if inet proto tcp from $wl_net to any port { $publicnat } keep state \
---

pass out on $ext_if inet proto tcp from $wl_net to any port { $publicnat } keep state \

108,117c106
< pass out on $ext_if inet proto icmp from $ext_if to any icmp-type { echoreq, trace }
<
< # For proper functioning allow the local machine to initiate requests outside + vpn (4)
< pass out on $inet_if inet proto udp from $inet_if to any port { $allow_ext_out_udp } keep state
< pass out on $inet_if inet proto tcp from $inet_if to any port { $allow_ext_out_tcp } keep state
< pass out on $inet_if inet proto icmp from $inet_if to any icmp-type { echoreq, trace }
<
< # Uncomment to UDP traceroute from this host to start
< #pass out on $ext_if inet proto udp from $ext_if to any port 33434 >< 33464 keep state
< #pass out on $inet_if inet proto udp from $inet_if to any port 33434 >< 33464 keep state
---

pass out on $ext_if inet proto icmp from $ext_if to any icmp-type { echoreq }
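
Review bot: the removed $inet_if pass-out rules for udp and tcp were duplicates only because both macros pointed at vr0, so confirm that matching $ext_if rules for $allow_ext_out_udp and $allow_ext_out_tcp still exist above line 106 of the new file; otherwise the node's own outbound traffic on those ports is no longer passed. The remaining icmp rule also drops trace from icmp-type { echoreq, trace } and the commented UDP traceroute hints without explanation; keep the hint as a comment or say why it went, since traceroute from the node is the first diagnostic used in this ticket.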
