3c59x driver bug? (Was: [bind ipmasq] More info about weird DNS problems.)

3c59x driver bug? (Was: [bind ipmasq] More info about weird DNS problems.)

Post by Karl M. Hegblo » Mon, 13 Mar 2000 04:00:00

 I pulled out the 3Com EtherLink XL PCI (3c900B-TPO, Rev-A, 1997) card
 that was, and replaced it with an Intel eexpress.  Now
 everything works fine.

 I guess there's a bug either in that card, or in the 3c59x driver
 that was running it.  It must be changing the trailing few bytes of
 the packet or something???  It worries me because my DLS connection
 is through a very similar card, with the identical driver.

 Question is: How can the checksum come out right when the packet size
 is different and when the data in it is wrong like that?

[ Attached Message ]

Date: Sat Mar 11 23:52:02 2000
Local: Sat, Mar 11 2000 11:52 pm
Subject: Digested Articles
   [PLUG] [bind ipmasq] Strange DNS problems.
   [PLUG] [bind ipmasq] More info about weird DNS problems.


Date: 11 Mar 2000 18:14:48 -0800

Subject: [PLUG] [bind ipmasq] Strange DNS problems.

Content-Type: text/plain; charset=US-ASCII

The following message is a courtesy copy of an article
that has been posted to comp.protocols.dns.bind,comp.os.linux.networking as well.

 I'm working on setting up a Linux box that will act as an Internet
 gateway for a home LAN.  It will sit on a DSL line, with one
 interface on the Internet and the other on the LAN, with transparent
 proxy and masquerading.

 I've got BIND set up in it to act as both the LAN nameserver and as a
 forwarder to the ISP's nameserver.  Right now, it's using my
 workstation as the "ISP", forwarding through my own BIND which in
 turn forwards to my real ISP.

 I have my laptop on the 10.0.0.XX network that will be the house LAN,
 plugged into a hub with the router machine.  The proxy's other
 interface is hooked to my workstation.  I have `ipchains' rules set
 up and ip_forward turned on.  My workstation's in-house LAN is

 I can `ping' from my laptop, and can `ping' from
 the gateway machine I'm setting up.  The gateway is on my
 workstation's (the "ISP") LAN, and I can `ping' from the
 proxy, and can `ping' from my workstation.  I can also
 `ping' from my laptop, and see that the connection is
 being masqueraded by using the masq display of `gfcc', running on the
 proxy machine.

 From the proxy machine, I can do `host <anywhere_inside>' and it will
 return an A record.  I can also do `host <IP_inside>' and it returns
 a PTR.  It will also return A and PTR records for hosts on my
 workstation LAN (that are in it's BIND) and for hosts on the
 internet.  The problem is that from my laptop, `host' doesn't work
 right.  It will return, right away, `host <anywhere_inside>', from
 the proxy machine's BIND.  But it will NOT do a reverse lookup.
 `host' times out and says that the nameserver is not responding.  It
 will let me do `host www.debian.org', `host ftp.debian.org', and
 `host slashdot.org', but will NOT return `host www.netscape.com', nor
 will it perform any reverse lookups.  The same queries from the proxy
 machine itself work fine.

 I used `ethereal' to watch packet traffic on the LAN,
 between the laptop and the proxy box I'm setting up.  I ran a copy on
 the laptop and another on the proxy, and both show the same thing.
 Both show the DNS query going to the proxy machine's BIND, _and_ both
 show a reply being returned to the laptop.  But the `host' lookup
 program on the laptop does NOT see the reply for some reason.
 `strace' shows a timeout in the select where it waits for the
 response.  It thinks the nameserver is not responding when it in fact

 I'm at the end of my wits and knowledge about this.  Any ideas?  What
 could it be?


Date: 11 Mar 2000 20:00:44 -0800

Subject: [PLUG] [bind ipmasq] More info about weird DNS problems.

Content-Type: text/plain; charset=US-ASCII

 I started `ethereal' on the laptop, and on the DNS machine, then ran
 `host' to get a reverse lookup on the IP of my
 workstation, which is acting as the "ISP" for the proxy gateway
 machine.  Here's the pcap dumps...  You can view the .pcap files with
 `ethereal' (please do that so you can see what I mean).  Enclosed in
 the tarfile are what I believe is most of the relevant information.
 Let me know if you need anything more to help.

 After starting the sniffers, I ran `host' from
 It's resolv.conf lists and as nameservers, in
 that order.  On, the same query shows a quick and valid
 response.  There resolv.conf has then as


 Notice that the second packet is a DNS response from, the
 proxy gateway box.  The same packet is different depending on which
 computer it was seen from!  From the machine that sent the response
 (.10) the packet is 3 bytes smaller than seen from the machine that
 recieved it (.11), and the address in the last part of the DNS
 response is different.  It sent `.1' but `.0' was recieved.  The
 similar thing happens in the first response packet coming from the
 secondary nameserver - the last digit sent is `.1', but the last
 digit recieved is `.3'.  What is causing this???

  The time differences in the capture is because of misconfigured
  /etc/timezone on the laptop (.11); I just fixed that, and it's not


End of forwardpMAbAp Digest