ipfilterd udp

IRIX and IRIX software discussion including open source and commerical offerings.
Forum rules
Any posts concerning pirated software or offering to buy/sell/trade commercial software are subject to removal.
User avatar
foetz
Moderator
Moderator
Posts: 6626
Joined: Mon Apr 14, 2003 4:34 am
Contact:

ipfilterd udp

Unread postby foetz » Sat Jan 13, 2018 9:56 pm

for many years i've been running ipfilterd on my server-octane to give it a little extra protection and never had any issues. recently i changed my internet plan which included a new router. not a big change tho since it's almost the same. just a later model which runs the same software and is 95% identical. it's one of these dummy routers you're forced to use with certain providers. hardly any "real" network settings so not much to mess up :P
anyway everything is fine except for one thing: udp. ntp, dns ... no joy and nfs is like limited to 100mbit despite using my gbit card. but only if ipfilterd is running. if i turn it off everything works fine. i didn't change my rules in years and it worked fine with the old router and any other router i had before.
i had to change my lan ips tho but don't see how that could cause the trouble since everything else except for udp is fine and without ipfilterd that's fine as well.

now the big question is: did anyone encounter something similar? or has any idea why ipfilterd suddenly causes udp problems?


EDIT: this just got weirder. i tried with ipfilter (the 3rd party one) and guess what, same issue :P
ipfilter on = udp dead. just like with ipfilterd. and the same happened with another machine where i tried both, too.
and yet weirder, even with the firewalls off the nfs speed still sucks. i'm starting to think this is because of the ip change after all. any known issues with irix and 172.16.x.x ?

User avatar
dexter1
Moderator
Moderator
Posts: 2756
Joined: Thu Feb 20, 2003 6:57 am
Location: Zoetermeer, The Netherlands

Re: ipfilterd udp

Unread postby dexter1 » Sun Jan 14, 2018 5:41 am

Suppose you want to run nfs services from within your home network to the octane, did you perform an attempt of directly connecting the octane to the nfs server omitting the router?
This way you can check three possible causes:
- if Gigabit speeds are attainable
- if ipfilter(d) causes havoc just because a new router was added
- if the subnet causes problems

I have never used 172.16.x.x so can't comment on that.

By any chance, what is the brand and model your internet router? Since you live in Germany, i suppose FritzBox is used very often as router hardware.
I use a 7360v1 myself.
I might start ipfilterd on my challengeS and with maybe your (edited) config i can check if i experience the same behavior.
:Crimson: :PI: :Indigo: :O2: :Indy: :Indigo2: :Indigo2IMP:

User avatar
vishnu
Donor
Donor
Posts: 3238
Joined: Sun Mar 18, 2007 3:25 pm
Location: Minneapolis, Minnesota USA

Re: ipfilterd udp

Unread postby vishnu » Sun Jan 14, 2018 9:50 am

Just guessing but it could be that one of your network related /etc/config/*.options files is messed up...
Project:
Temporarily lost at sea...
Plan:
World domination! Or something...

:Tezro: :Octane2:

User avatar
foetz
Moderator
Moderator
Posts: 6626
Joined: Mon Apr 14, 2003 4:34 am
Contact:

Re: ipfilterd udp

Unread postby foetz » Sun Jan 14, 2018 2:18 pm

dexter1 wrote:Suppose you want to run nfs services from within your home network to the octane

the other way around, the octane is the server.

did you perform an attempt of directly connecting the octane to the nfs server omitting the router?

ah, i should have been a bit more detailed there.
nothing is connected to the router (indeed a fritzbox) directly. the router hooks up to my switch and that's where all machines are plugged in as well. just as i did with the previous router. i even use the same cable so hardware wise no change except for the router.

in fact after the same happened to the other sgi i tried i'm starting to think that the router might not be the problem after all but rather the new ip range. although i have no idea why :P
before i had 192.168.0.0/255.255.0.0 which i had to change to 172.16.0.0/255.255.0.0. shouldn't make a difference but, well, maybe it did.
to set the new ip i changed static-route.options, hosts, exports and the ips in my ipfilterd.conf. netif.options only works with hostnames and i kept the subnet mask so nothing else required. just to be on the safe side i tried to make the ip changes via sysmgr later but that made no difference.

I might start ipfilterd on my challengeS and with maybe your (edited) config i can check if i experience the same behavior.

would be great if you wouldn't mind. just put your router and one of your sgis into the 172.16.0.0 net and fire up either ipfilterd or ipfilter. then run ntpdate or a bind9 or whatever else you have that's using udp.

vishnu wrote:Just guessing but it could be that one of your network related /etc/config/*.options files is messed up...

sure that was the first thing i checked but i didn't change anything in there except for the ips. same goes for the hosts file and exports. i don't use nis or similar stuff.

User avatar
vishnu
Donor
Donor
Posts: 3238
Joined: Sun Mar 18, 2007 3:25 pm
Location: Minneapolis, Minnesota USA

Re: ipfilterd udp

Unread postby vishnu » Sun Jan 14, 2018 3:46 pm

foetz wrote:
vishnu wrote:Just guessing but it could be that one of your network related /etc/config/*.options files is messed up...

sure that was the first thing i checked but i didn't change anything in there except for the ips. same goes for the hosts file and exports. i don't use nis or similar stuff.


You probably already did this but try grepping for 192 in the options files, see if one of them thinks you're still on the old network...?
Project:
Temporarily lost at sea...
Plan:
World domination! Or something...

:Tezro: :Octane2:

User avatar
foetz
Moderator
Moderator
Posts: 6626
Joined: Mon Apr 14, 2003 4:34 am
Contact:

Re: ipfilterd udp

Unread postby foetz » Sun Jan 14, 2018 4:03 pm

that's how i did it in the first place :-)

rooprob
Posts: 77
Joined: Wed Sep 01, 2010 7:20 am

Re: ipfilterd udp

Unread postby rooprob » Sun Jan 14, 2018 5:47 pm

have you run tcpdump to confirm whether UDP traffic is passing the Gbit or built in 100Mbit interface on the Octane?

I realise that doesn’t explain the difference of running ipfilterd or not but it might track whether you have some comms passing either interface.

Are you running routing software? Routed for example?
You have discounted running in half duplex?
:O2: r12 400 mapleleaf :Indigo2IMP: r10 195 IRIS :Cube: NeXT
New Zealand

User avatar
foetz
Moderator
Moderator
Posts: 6626
Joined: Mon Apr 14, 2003 4:34 am
Contact:

Re: ipfilterd udp

Unread postby foetz » Sun Jan 14, 2018 6:40 pm

rooprob wrote:have you run tcpdump to confirm whether UDP traffic is passing the Gbit or built in 100Mbit interface on the Octane?

not yet, i'm not so much concerned about the speed but udp working at all

I realise that doesn’t explain the difference of running ipfilterd or not but it might track whether you have some comms passing either interface.

yeah good point. time for some tcpdumping

Are you running routing software? Routed for example?

none

You have discounted running in half duplex?

ifconfig attests both nics full duplex


EDIT: actually irix doesn't have tcpdump but i'll try something else

mgtremaine
Posts: 304
Joined: Wed Feb 22, 2006 1:58 pm
Location: San Diego, Ca
Contact:

Re: ipfilterd udp

Unread postby mgtremaine » Tue Jan 16, 2018 6:33 am

Isn't it snoop or sniff? Something like that it's been awhile. But yes packet tracing is the tool to reach for to see if the packets going somewhere they should not be.

-Mike

User avatar
foetz
Moderator
Moderator
Posts: 6626
Joined: Mon Apr 14, 2003 4:34 am
Contact:

Re: ipfilterd udp

Unread postby foetz » Tue Jan 16, 2018 3:35 pm

okay so i took netsnoop for a ride and the results were, well, not too helpful :P
unless i did it wrong. i ran:

Code: Select all

netsnoop -e any udp

then i fired up ntpdate which is one of the troublesomes. netsnoop showed the traffic that the dns query caused because i used pool.ntp.org. what it didn't show however was anything related to ntp itself but since it worked there must be some ntp traffic. odd.
next i activated ipfilter, started netsnoop again and ran ntpdate again. this time i got the same dns traffic and nothing else. but this time, as expected, ntpdate didn't work.

so i'm not sure what to make of that. it made the whole case even weirder :D


Return to “IRIX and Software”

Who is online

Users browsing this forum: Ahrefs [Bot] and 1 guest