A Weird one

Vernon Schryver vjs@calcite.rhyolite.com
Sat Jul 24 01:26:12 UTC 2004

> From: Daniel V Klein

> My firewall/router NATs my external addresses to my internal addresses (it is
> a Cisco 2621 - a fairly substantial router for a home system, and it
> certainly can handle what I'm asking it to do).  Inside, I have 3 class-C's,
> outside I have a /28.  The servers are all NATed 1:1, so they have an inside
> and an outside address.  But my router makes all that transparent...

The glossy brochures for all NAT boxes claim they're all transparent
except to evil packets.  In reality no NAT box is entirely transparent
to good packets or opaque to evil packets.

> The problem is still very strange, as "cdcc rtt" works perfectly on one box
> running BSDi and not on another running FreeBSD 4.10.

If both of those systems are behind the same router, and if both are
running similar versions of the DCC client code, then the problem must
be related to something about the FreeBSD system.

Note that calcite.rhyolite.com is running FreeBSD 4.9, and I've never
seen anything of the sort.  I am using IPFW.

> In another window on the same machine:
> # tcpdump port 6277
> tcpdump: listening on vr0
> 17:54:25.793569 maxwell.ibp.com.2402 > avas.cnc.bc.ca.6277: udp 40
> 17:54:25.913486 avas.cnc.bc.ca.6277 > maxwell.ibp.com.2402: udp 108 (DF)
> 17:54:25.913719 maxwell.ibp.com.2402 > werkt.niet.net.6277: udp 40
> 17:54:26.215933 werkt.niet.net.6277 > maxwell.ibp.com.2402: udp 108 (DF)
> 17:54:26.216126 maxwell.ibp.com.2402 > eth0.d.spam.sonic.net.6277: udp 40
> 17:54:26.300307 eth0.d.spam.sonic.net.6277 > maxwell.ibp.com.2402: udp 108 (DF)
> 17:54:26.300491 maxwell.ibp.com.2402 > ns.pa.iasf.cnr.it.6277: udp 40
> 17:54:26.438113 ns.pa.iasf.cnr.it.6277 > maxwell.ibp.com.2402: udp 108 (DF)

Do you have some kind of firewall mechanism running on maxwell.ibp.com?
Something is aparently eating packets between cdcc and tcpdump.

> Note that only 3 machines were polled! 

That is inconsistent with your `cdcc rtt` output which shows that 4
systems answered their polls.  This is more evidence that something
is eating packets.

Have you installed some kind of firewall, ipfw, ipchains, or whatever?

4 is a magic number of servers for the DCC client code.  `cdcc rtt`
tries to measure the RTTs to all known DCC server IP addresses (or an
arbitrary set of 12 if there are more than 12).  It sends up to 4 DCC
NOPs at exponentially increasing intervals to all servers that have
not yet answered until at least 4 servers have answered.

Vernon Schryver    vjs@rhyolite.com

More information about the DCC mailing list

Contact vjs@rhyolite.com by mail or use the form.