I pulled out the 3Com EtherLink XL PCI (3c900B-TPO, Rev-A, 1997) card
that was 10.0.0.10, and replaced it with an Intel eexpress. Now
everything works fine.
I guess there's a bug either in that card, or in the 3c59x driver
that was running it. It must be changing the trailing few bytes of
the packet or something??? It worries me because my DLS connection
is through a very similar card, with the identical driver.
Question is: How can the checksum come out right when the packet size
is different and when the data in it is wrong like that?
[ Attached Message ]
|Date:||Sat Mar 11 23:52:02 2000|
|Local:||Sat, Mar 11 2000 11:52 pm|
[PLUG] [bind ipmasq] Strange DNS problems.
[PLUG] [bind ipmasq] More info about weird DNS problems.
Date: 11 Mar 2000 18:14:48 -0800
Subject: [PLUG] [bind ipmasq] Strange DNS problems.
Content-Type: text/plain; charset=US-ASCII
The following message is a courtesy copy of an article
that has been posted to comp.protocols.dns.bind,comp.os.linux.networking as well.
I'm working on setting up a Linux box that will act as an Internet
gateway for a home LAN. It will sit on a DSL line, with one
interface on the Internet and the other on the LAN, with transparent
proxy and masquerading.
I've got BIND set up in it to act as both the LAN nameserver and as a
forwarder to the ISP's nameserver. Right now, it's using my
workstation as the "ISP", forwarding through my own BIND which in
turn forwards to my real ISP.
I have my laptop on the 10.0.0.XX network that will be the house LAN,
plugged into a hub with the router machine. The proxy's other
interface is hooked to my workstation. I have `ipchains' rules set
up and ip_forward turned on. My workstation's in-house LAN is
I can `ping 10.0.0.10' from my laptop, and can `ping 10.0.0.11' from
the gateway machine I'm setting up. The gateway is 192.168.1.3 on my
workstation's (the "ISP") LAN, and I can `ping 192.168.1.1' from the
proxy, and can `ping 192.168.1.3' from my workstation. I can also
`ping 192.168.1.1' from my laptop, and see that the connection is
being masqueraded by using the masq display of `gfcc', running on the
From the proxy machine, I can do `host <anywhere_inside>' and it will
return an A record. I can also do `host <IP_inside>' and it returns
a PTR. It will also return A and PTR records for hosts on my
workstation LAN (that are in it's BIND) and for hosts on the
internet. The problem is that from my laptop, `host' doesn't work
right. It will return, right away, `host <anywhere_inside>', from
the proxy machine's BIND. But it will NOT do a reverse lookup.
`host' times out and says that the nameserver is not responding. It
will let me do `host www.debian.org', `host ftp.debian.org', and
`host slashdot.org', but will NOT return `host www.netscape.com', nor
will it perform any reverse lookups. The same queries from the proxy
machine itself work fine.
I used `ethereal' to watch packet traffic on the 10.0.0.0 LAN,
between the laptop and the proxy box I'm setting up. I ran a copy on
the laptop and another on the proxy, and both show the same thing.
Both show the DNS query going to the proxy machine's BIND, _and_ both
show a reply being returned to the laptop. But the `host' lookup
program on the laptop does NOT see the reply for some reason.
`strace' shows a timeout in the select where it waits for the
response. It thinks the nameserver is not responding when it in fact
I'm at the end of my wits and knowledge about this. Any ideas? What
could it be?
Date: 11 Mar 2000 20:00:44 -0800
Subject: [PLUG] [bind ipmasq] More info about weird DNS problems.
Content-Type: text/plain; charset=US-ASCII
I started `ethereal' on the laptop, and on the DNS machine, then ran
`host 192.168.1.1' to get a reverse lookup on the IP of my
workstation, which is acting as the "ISP" for the proxy gateway
machine. Here's the pcap dumps... You can view the .pcap files with
`ethereal' (please do that so you can see what I mean). Enclosed in
the tarfile are what I believe is most of the relevant information.
Let me know if you need anything more to help.
After starting the sniffers, I ran `host 192.168.1.1' from 10.0.0.11.
It's resolv.conf lists 10.0.0.10 and 192.168.1.1 as nameservers, in
that order. On 10.0.0.10, the same query shows a quick and valid
response. There resolv.conf has 127.0.0.1 then 192.168.1.1 as
Notice that the second packet is a DNS response from 10.0.0.10, the
proxy gateway box. The same packet is different depending on which
computer it was seen from! From the machine that sent the response
(.10) the packet is 3 bytes smaller than seen from the machine that
recieved it (.11), and the address in the last part of the DNS
response is different. It sent `.1' but `.0' was recieved. The
similar thing happens in the first response packet coming from the
secondary nameserver - the last digit sent is `.1', but the last
digit recieved is `.3'. What is causing this???
The time differences in the capture is because of misconfigured
/etc/timezone on the laptop (.11); I just fixed that, and it's not
End of forwardpMAbAp Digest