*BSD News Article 99518

Return to BSD News archive 

Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!news.cs.su.oz.au!inferno.mpx.com.au!news.unimelb.edu.au!munnari.OZ.AU!news.Hawaii.Edu!news.caldera.com!enews.sgi.com!newshub1.home.com!news.home.com!newsfeed.direct.ca!news.he.net!dimensional.com!flatland.dimensional.com!not-for-mail
From: mfuhr@dimensional.com (Michael Fuhr)
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: PPP allows ICMP, drops TCP & UDP (not ipfw prob)
Date: 12 Jul 1997 19:15:09 -0600
Organization: Dimensional Communications
Lines: 45
Message-ID: <5q9a6t$5lv@flatland.dimensional.com>
NNTP-Posting-Host: flatland.dimensional.com
X-Newsreader: NN version 6.5.1 (NOV)
Xref: euryale.cc.adfa.oz.au comp.unix.bsd.freebsd.misc:44326

FreeBSD 2.2-STABLE
Kernel PPP (pppd 2.2.0)

ipfw config:
    00100 allow ip from any to any
    65535 deny ip from any to any

Scenarios:

1.  ISP 1: PPP works like a champ.  ICMP, TCP, and UDP traffic works
    fine.

2.  ISP 2: Same PPP config -- only difference is phone # and password
    in chat file.

    * ICMP works fine -- can ping ISP and ISP can ping me; tcpdump
      run on both sides shows the ICMP echo request & reply packets.

    * TCP from ISP reaches me:  tcpdump on my side shows the SYN
      segment arriving.

    * TCP from me to ISP fails:  tcpdump on my side shows RST going
      back to ISP (nothing listening on that port); tcpdump at ISP
      never sees the RST, and ISP continues sending SYN segments.

    * UDP queries go unanswered:  tcpdump on my side shows UDP packets
      going out, but tcpdump at ISP shows nothing.

    * "ipfw show" shows increases on the allow counter.  Implicit
      deny counter remains 0.
      
    * ISP's other customers having no problems.

The PPP connection to ISP 2 comes up and the routes are set correctly,
as shown by the fact that I can ping them and receive the replies.  But
TCP and UDP get dropped somewhere between me and them, apparently not
by my packet filters.  The ISP's other customers have no problems (most
probably running Win95, not FreeBSD).  The identical config works fine
with ISP 1.

Any ideas?

-- 
Michael Fuhr
http://www.dimensional.com/~mfuhr/