Opened 12 years ago
Closed 12 years ago
#325 closed incident (worksforme)
Robijn ileiden-proxy: no internet for neighbours
| Reported by: | huub | Owned by: | |
|---|---|---|---|
| Keywords: | | Cc: | |
| Location: | Generic | | |
Description
The Robijn ileiden-proxy works now and then, and mostly not, for the neighbours. (VisitorCentre2 showed the same symptom when there was still a link to vosko2.) Node software has been updated.
HybridUniGor1# traceroute www.nu.nl
traceroute: Warning: www.nu.nl has multiple addresses; using 62.69.174.75
traceroute to www-nu-nl.gl.sanomaservices.nl (62.69.174.75), 64 hops max, 40 byte packets
1 2hybridunigor1.hybridrobijn.wleiden.net (172.16.5.220) 1.869 ms 1.889 ms 1.497 ms
2 2hybridunigor1.hybridrobijn.wleiden.net (172.16.5.220) 1.801 ms 1.641 ms 1.588 ms
HybridUniGor1# fetch -o /dev/null http://www.nu.nl
/dev/null 100% of 81 kB 1077 kBps
HybridUniGor1# fetch -o /dev/null http://www.nu.nl
CC
HybridUniGor1# fetch -o /dev/null http://www.nu.nl
/dev/null 100% of 81 kB 360 kBps
HybridUniGor1# fetch -o /dev/null http://www.nu.nl
Cfetch: transfer interrupted
HybridUniGor1# fetch -o /dev/null http://www.nu.nl
CC
HybridUniGor1# fetch -o /dev/null http://www.nu.nl
/dev/null 100% of 81 kB 319 kBps
HybridUniGor1#
HybridUniGor1# fetch -o /dev/null http://www.nu.nl
Cfetch: transfer interrupted
HybridUniGor1# fetch -o /dev/null http://www.nu.nl
Cfetch: transfer interrupted
HybridUniGor1# traceroute www.nu.nl
traceroute: Warning: www.nu.nl has multiple addresses; using 62.69.174.78
traceroute to www-nu-nl.gl.sanomaservices.nl (62.69.174.78), 64 hops max, 40 byte packets
1 2hybridunigor1.hybridrobijn.wleiden.net (172.16.5.220) 1.794 ms 1.706 ms 1.493 ms
2 2hybridunigor1.hybridrobijn.wleiden.net (172.16.5.220) 2.042 ms 1.753 ms 1.553 ms
HybridUniGor1# fetch -o /dev/null http://www.nu.nl
CC
HybridUniGor1# fetch -o /dev/null http://www.nu.nl
/dev/null 100% of 81 kB 949 kBps
HybridUniGor1# fetch -o /dev/null http://www.nu.nl
Cfetch: transfer interrupted
At Watertorens there is a comparable configuration, and there it does work. I tried the pf.hybrid.conf from watertoren2 at Robijn and now it works!
The difference between the 'standard' pf.conf and the 'watertoren2' pf.conf is below:
$ diff pf.hybrid.conf.vc1 pf.hybrid.conf.watertoren2
29,32c29,31
< ext_if="vr0"
< ext_ip="(vr0:0)"
< inet_if="vr0"
< inet_ip="(vr0:0)"
---
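Review bot: at lines 29-32 of the vc1 file both `ext_if` and `inet_if` are set to "vr0" (and both `ext_ip` and `inet_ip` to "(vr0:0)"), so every rule written on $inet_if also matches the traffic the $ext_if rules are meant for, and the two rule sets cannot be reasoned about separately. The three replacement lines from watertoren2 are not visible in this hunk; include them so it is clear which interface each macro points at in the configuration that works.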
57c56
< nat on $inet_if inet proto tcp from $wl_net to ! $wl_net port { $publicnat } -> ($inet_if)
---
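Review bot: the nat rule on line 57 translates to `($inet_if)` while the macro `inet_ip="(vr0:0)"` defined on line 32 goes unused here. In pf the `:0` modifier excludes interface aliases, whereas a bare `($inet_if)` covers every address on the interface; if vr0 carries an alias, connections can be translated to different source addresses in turn, which would fit a fetch that succeeds only some of the time. Suggest translating to `$inet_ip` and checking what line 56 of watertoren2 uses, since that side of the hunk is not shown.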
87d85
< block on $inet_if inet from any to !$wl_net
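Review bot: the `block on $inet_if inet from any to !$wl_net` rule at line 87 has no direction and no `quick`, so it applies both in and out and is overridden by any later matching pass rule, and watertoren2 has no counterpart for it at all. Before adopting the watertoren2 file, confirm that it still has a default block rule ahead of its pass rules: pf passes packets that match no rule, so without one, traffic to non-$wl_net destinations on this interface is no longer denied by default.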
102c100
< pass out on $inet_if inet proto tcp from $wl_net to any port { $publicnat } keep state \
---
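Review bot: the pass rule on line 102 allows `from $wl_net to any port { $publicnat }`, but the nat rule on line 57 only translates traffic `to ! $wl_net`. Narrowing the pass rule's destination to `! $wl_net` would keep the two in step, so nothing is passed out on $inet_if without a matching translation. The rule also continues past the trailing backslash, so the changed line is only part of the rule; include the continuation line when comparing the two files.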
108,117c106
< pass out on $ext_if inet proto icmp from $ext_if to any icmp-type { echoreq, trace }
<
< # For proper functioning allow the local machine to initiate requests outside + vpn (4)
< pass out on $inet_if inet proto udp from $inet_if to any port { $allow_ext_out_udp } keep state
< pass out on $inet_if inet proto tcp from $inet_if to any port { $allow_ext_out_tcp } keep state
< pass out on $inet_if inet proto icmp from $inet_if to any icmp-type { echoreq, trace }
<
< # Uncomment to UDP traceroute from this host to start
< #pass out on $ext_if inet proto udp from $ext_if to any port 33434 >< 33464 keep state
< #pass out on $inet_if inet proto udp from $inet_if to any port 33434 >< 33464 keep state
---
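Review bot: the two icmp rules (`pass out on $ext_if inet proto icmp ...` and its $inet_if twin) omit the `keep state` that the udp and tcp rules beside them spell out; write it on all of them or on none, so the behaviour does not depend on the pf version's default. Ten lines are replaced here by a single line, 106 of watertoren2, which is not shown, so it is not visible whether the node itself may still initiate the outbound traffic listed in $allow_ext_out_udp and $allow_ext_out_tcp; that line should be posted alongside this hunk.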