Thread: ping question
14th November 2011
zealer

Thanks ocicat, I will carry on with this knowledge from now on.

jggimi, I tried this, but got no luck. Besides, I ping from a machine which is unaware of routing domains. My current test env is:
192.168.2.100 - my PC
192.168.2.200 - virtual OBSD with all interfaces set to down, except vic2, which is UP and RUNNING, in rdomain1.
Everything looks fine on the .200 BSD... but it's not working. All code in this post is taken from the 192.168.2.200 BSD:
Code:
#pfctl -d
pfctl: pf not enabled

#netstat -T 1 -r -n
Routing tables

Internet:
Destination        Gateway            Flags   Refs      Use   Mtu  Prio Iface
192.168.2/24       link#3             UC         2        0     -     4 vic2
192.168.2.100      e0:2a:82:e2:30:dd  UHLc       0        2     -     4 vic2
192.168.2.202      00:0c:29:eb:cf:c2  UHLc       0        0     -     4 vic2
#
#ping 192.168.2.100
PING 192.168.2.100 (192.168.2.100): 56 data bytes
64 bytes from 192.168.2.100: icmp_seq=0 ttl=127 time=0.824 ms
64 bytes from 192.168.2.100: icmp_seq=1 ttl=127 time=0.766 ms
--- 192.168.2.100 ping statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 0.766/0.795/0.824/0.029 ms
#
#ssh -vvv -p 1234 192.168.2.200
OpenSSH_5.8, OpenSSL 1.0.0a 1 Jun 2010
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to 192.168.2.200 [192.168.2.200] port 1234.
debug1: connect to address 192.168.2.200 port 1234: Connection refused
ssh: connect to host 192.168.2.200 port 1234: Connection refused
#

Ping is working back and forth, no problems with that.
sshd w/ max level of debug on target does not even indicate any attempt to initiate the session:
Code:
#/usr/sbin/sshd -p1234 -ddd
debug2: load_server_config: filename /etc/ssh/sshd_config
debug2: load_server_config: done config len = 145
debug2: parse_server_config: config /etc/ssh/sshd_config len 145
debug3: /etc/ssh/sshd_config:99 setting Subsystem sftp  /usr/libexec/sftp-server
debug1: sshd version OpenSSH_5.8
debug3: Incorrect RSA1 identifier
debug1: read PEM private key done: type RSA
debug1: private host key: #0 type 1 RSA
debug3: Incorrect RSA1 identifier
debug1: read PEM private key done: type DSA
debug1: private host key: #1 type 2 DSA
debug3: Incorrect RSA1 identifier
debug1: read PEM private key done: type ECDSA
debug1: private host key: #2 type 3 ECDSA
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-p1234'
debug1: rexec_argv[2]='-ddd'
debug2: fd 3 setting O_NONBLOCK
debug1: Bind to port 1234 on ::.
Server listening on :: port 1234.
debug2: fd 4 setting O_NONBLOCK
debug1: Bind to port 1234 on 0.0.0.0.
Server listening on 0.0.0.0 port 1234.

tcpdump reveals that there is an arp, then a single packet to the target and several replies... and an icmp redirect (??) that comes from a different host, after which I immediately get a connection refused on the client (no more info there with highest verbose output, just connecting to... and then connection refused):
Code:
#tcpdump -veni vic2
18:47:57.804226 e0:2a:82:e2:30:dd ff:ff:ff:ff:ff:ff 0806 60: arp who-has 192.168.2.200 tell 192.168.2.100
18:47:57.804763 00:0c:29:5e:0c:c4 e0:2a:82:e2:30:dd 0806 60: arp reply 192.168.2.200 is-at 00:0c:29:5e:0c:c4
18:47:57.804919 e0:2a:82:e2:30:dd 00:0c:29:5e:0c:c4 0800 66: 192.168.2.100.60086 > 192.168.2.200.1234: S [tcp sum ok] 3947530110:3947530110(0) win 8192 <mss 1460,nop,wscale 2,nop,nop,sackOK> (DF) (ttl 128, id 6748, len 52)
18:47:57.806808 00:0c:29:eb:cf:c2 e0:2a:82:e2:30:dd 0800 60: 192.168.2.200.1234 > 192.168.2.100.60075: R [tcp sum ok] 0:0(0) ack 3262175013 win 0 (DF) (ttl 63, id 43637, len 40)
18:47:57.806831 00:0c:29:eb:cf:c2 e0:2a:82:e2:30:dd 0800 60: 192.168.2.200.1234 > 192.168.2.100.60075: R [tcp sum ok] 0:0(0) ack 1 win 0 (DF) (ttl 63, id 61113, len 40)
18:47:57.806842 00:0c:29:eb:cf:c2 e0:2a:82:e2:30:dd 0800 60: 192.168.2.200.1234 > 192.168.2.100.60075: R [tcp sum ok] 0:0(0) ack 1 win 0 (DF) (ttl 63, id 11333, len 40)
18:47:57.806853 00:0c:29:eb:cf:c2 e0:2a:82:e2:30:dd 0800 60: 192.168.2.200.1234 > 192.168.2.100.60086: R [tcp sum ok] 0:0(0) ack 3947530111 win 0 (DF) (ttl 63, id 57706, len 40)
[...]
18:47:58.304057 e0:2a:82:e2:30:dd 00:0c:29:eb:cf:c2 0800 66: 192.168.2.100.60086 > 192.168.2.200.1234: S [tcp sum ok] 3947530110:3947530110(0) win 8192 <mss 1460,nop,wscale 2,nop,nop,sackOK> (DF) (ttl 128, id 6752, len 52)
18:47:58.304076 00:0c:29:eb:cf:c2 00:0c:29:5e:0c:c4 0800 66: 192.168.2.100.60086 > 192.168.2.200.1234: S [tcp sum ok] 3947530110:3947530110(0) win 8192 <mss 1460,nop,wscale 2,nop,nop,sackOK> (DF) (ttl 127, id 6752, len 52)
18:47:58.304084 00:0c:29:eb:cf:c2 e0:2a:82:e2:30:dd 0800 70: 192.168.2.202 > 192.168.2.100: icmp: redirect 192.168.2.200 to host 192.168.2.200 (ttl 255, id 59465, len 56)
18:47:58.304878 00:0c:29:eb:cf:c2 e0:2a:82:e2:30:dd 0800 60: 192.168.2.200.1234 > 192.168.2.100.60086: R [tcp sum ok] 0:0(0) ack 1 win 0 (DF) (ttl 63, id 30479, len 40)
18:47:58.803248 e0:2a:82:e2:30:dd 00:0c:29:eb:cf:c2 0800 62: 192.168.2.100.60086 > 192.168.2.200.1234: S [tcp sum ok] 3947530110:3947530110(0) win 8192 <mss 1460,nop,nop,sackOK> (DF) (ttl 128, id 6754, len 48)
18:47:58.803327 00:0c:29:eb:cf:c2 00:0c:29:5e:0c:c4 0800 62: 192.168.2.100.60086 > 192.168.2.200.1234: S [tcp sum ok] 3947530110:3947530110(0) win 8192 <mss 1460,nop,nop,sackOK> (DF) (ttl 127, id 6754, len 48)
18:47:58.803335 00:0c:29:eb:cf:c2 e0:2a:82:e2:30:dd 0800 70: 192.168.2.202 > 192.168.2.100: icmp: redirect 192.168.2.200 to host 192.168.2.200 (ttl 255, id 1638, len 56)
18:47:58.803683 00:0c:29:eb:cf:c2 e0:2a:82:e2:30:dd 0800 60: 192.168.2.200.1234 > 192.168.2.100.60086: R [tcp sum ok] 0:0(0) ack 1 win 0 (DF) (ttl 63, id 8998, len 40)

192.168.2.202 is another BSD in the subnet. I stopped it, so that it does not send icmp redirects anymore, but then replies are not sent at all:
Code:
#tcpdump -veni vic2
18:53:35.675038 e0:2a:82:e2:30:dd ff:ff:ff:ff:ff:ff 0806 60: arp who-has 192.168.2.200 tell 192.168.2.100
18:53:35.675264 00:0c:29:5e:0c:c4 e0:2a:82:e2:30:dd 0806 60: arp reply 192.168.2.200 is-at 00:0c:29:5e:0c:c4
18:53:35.675399 e0:2a:82:e2:30:dd 00:0c:29:5e:0c:c4 0800 66: 192.168.2.100.60152 > 192.168.2.200.1234: S [tcp sum ok] 1013717570:1013717570(0) win 8192 <mss 1460,nop,wscale 2,nop,nop,sackOK> (DF) (ttl 128, id 7473, len 52)
18:53:38.674506 e0:2a:82:e2:30:dd 00:0c:29:5e:0c:c4 0800 66: 192.168.2.100.60152 > 192.168.2.200.1234: S [tcp sum ok] 1013717570:1013717570(0) win 8192 <mss 1460,nop,wscale 2,nop,nop,sackOK> (DF) (ttl 128, id 7485, len 52)

Max verbose on client says connecting to... connection timed out.

192.168.2.200, as an SSH client, is connecting with no problems to other machines. But it does not accept any incoming connections. Can you help me figure out how to overcome this??

The only thing that comes to my mind is that, by default, rdomain1 routing table is not used at all. My first attempts to ping 192.168.2.200 were failing, until I typed "ping -V 1 192.168.2.200". Since then, pings succeed even without the -V. But this may be because arp requests are sent to rdomain 0 by default.

Thank you in advance for your help,
Simeon
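Added example (not part of the original post): one way to read a `tcpdump -e` capture like the first one above is to compare each IP frame's Ethernet source address with the MAC that ARP announced for that IP. The function and variable names are hypothetical; the sample lines are copied from the post's capture.

```python
import re

# Lines copied from the first "tcpdump -veni vic2" capture in the post above.
SAMPLE = """\
18:47:57.804226 e0:2a:82:e2:30:dd ff:ff:ff:ff:ff:ff 0806 60: arp who-has 192.168.2.200 tell 192.168.2.100
18:47:57.804763 00:0c:29:5e:0c:c4 e0:2a:82:e2:30:dd 0806 60: arp reply 192.168.2.200 is-at 00:0c:29:5e:0c:c4
18:47:57.804919 e0:2a:82:e2:30:dd 00:0c:29:5e:0c:c4 0800 66: 192.168.2.100.60086 > 192.168.2.200.1234: S [tcp sum ok] 3947530110:3947530110(0) win 8192 <mss 1460,nop,wscale 2,nop,nop,sackOK> (DF) (ttl 128, id 6748, len 52)
18:47:57.806853 00:0c:29:eb:cf:c2 e0:2a:82:e2:30:dd 0800 60: 192.168.2.200.1234 > 192.168.2.100.60086: R [tcp sum ok] 0:0(0) ack 3947530111 win 0 (DF) (ttl 63, id 57706, len 40)
18:47:58.304076 00:0c:29:eb:cf:c2 00:0c:29:5e:0c:c4 0800 66: 192.168.2.100.60086 > 192.168.2.200.1234: S [tcp sum ok] 3947530110:3947530110(0) win 8192 <mss 1460,nop,wscale 2,nop,nop,sackOK> (DF) (ttl 127, id 6752, len 52)
18:47:58.304084 00:0c:29:eb:cf:c2 e0:2a:82:e2:30:dd 0800 70: 192.168.2.202 > 192.168.2.100: icmp: redirect 192.168.2.200 to host 192.168.2.200 (ttl 255, id 59465, len 56)
"""

# timestamp, source MAC, destination MAC, ethertype (ARP or IPv4), length, payload
FRAME = re.compile(r"^(\S+) ([0-9a-f:]{17}) ([0-9a-f:]{17}) (0806|0800) \d+: (.*)$")
ARP_REPLY = re.compile(r"arp reply (\d+\.\d+\.\d+\.\d+) is-at ([0-9a-f:]{17})")
ARP_TELL = re.compile(r"arp who-has \S+ tell (\d+\.\d+\.\d+\.\d+)")
IP_SRC = re.compile(r"^(\d+\.\d+\.\d+\.\d+)(?:\.\d+)? > ")  # optional ".port"
TTL = re.compile(r"\(ttl (\d+),")


def find_mac_mismatches(capture):
    """Return (time, src_ip, frame_mac, arp_mac, ttl) for every IPv4 frame whose
    Ethernet source differs from the MAC ARP announced earlier for its source IP."""
    learned = {}   # IP address -> MAC address taken from ARP traffic
    findings = []
    for line in capture.splitlines():
        m = FRAME.match(line.strip())
        if not m:
            continue  # "[...]" markers, blank lines, other ethertypes
        ts, src_mac, _dst_mac, ethertype, rest = m.groups()
        if ethertype == "0806":
            reply = ARP_REPLY.search(rest)
            tell = ARP_TELL.search(rest)
            if reply:
                learned[reply.group(1)] = reply.group(2)
            elif tell:
                learned[tell.group(1)] = src_mac  # sender of the request
            continue
        src = IP_SRC.match(rest)
        # IPs never seen in ARP are skipped: there is nothing to compare against.
        if src and learned.get(src.group(1), src_mac) != src_mac:
            ttl = TTL.search(rest)
            findings.append((ts, src.group(1), src_mac, learned[src.group(1)],
                             int(ttl.group(1)) if ttl else None))
    return findings


if __name__ == "__main__":
    for ts, ip, seen, expected, ttl in find_mac_mismatches(SAMPLE):
        print(f"{ts} {ip}: frame from {seen}, ARP says {expected}, ttl {ttl}")
```

On these lines it reports the RST carrying source IP 192.168.2.200 and the re-sent SYN carrying source IP 192.168.2.100, both of which leave from 00:0c:29:eb:cf:c2 rather than the MAC seen in ARP for those addresses.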