ARP prob on remote side
-
I'm trying to disconnect a T1 direct line between two locations and replace it with a DSL'd IPSEC tunnel. Windows SMB and IP printing are fine, but this embedded biometric timeclock isn't cooporating. We download from it with a oldish Windows winsock program.
Fine over the T1, but a DLINK IKE Autokey tunnel didn't work, and now two pfSense RC2 boxes don't work, so I may be stuck.
Ethereal isn't exporting for me, so… I loaded Wireshark
pfsense does a Gratuitous ARP to find the timeclock (192.168.2.244) for the packets coming over the tunnel from x.1.102
delivers the request.
Then pfsense asks the remote subnet where the x.1.102 machine is instead for taking ownership of delivering the x.1.102 packets.
(the Entersys router for the T1 does this)
It's "Who has 192.168.1.102? Tell 192.168.2.244 "
The LAN pfSense interface doesn't respond.
pfSense isn't in the conversation because I was filtering for 192.168.2.244 only. but where's it at like the Entersys below? Ah, the magic of IPSEC!!!I can post the ethereal captures. THANKS!!No. Time Source Destination Protocol Info
1 0.000000 Pronet_61:74:49 Broadcast ARP Who has 192.168.2.244? Gratuitous ARP
2 1.841458 192.168.1.102 192.168.2.244 TCP 4682 > 3001 [SYN] Seq=0 Len=0 MSS=1410 TSV=0 TSER=0
3 1.844307 Pronet_61:74:49 Broadcast ARP Who has 192.168.1.102? Tell 192.168.2.244
4 3.654315 Pronet_61:74:49 Broadcast ARP Who has 192.168.1.102? Tell 192.168.2.244
5 5.464055 Pronet_61:74:49 Broadcast ARP Who has 192.168.1.102? Tell 192.168.2.244
6 7.274011 Pronet_61:74:49 Broadcast ARP Who has 192.168.1.102? Tell 192.168.2.244
7 9.083820 Pronet_61:74:49 Broadcast ARP Who has 192.168.1.102? Tell 192.168.2.244
8 11.693646 Pronet_61:74:49 Broadcast ARP Who has 192.168.1.102? Tell 192.168.2.244
9 13.503433 Pronet_61:74:49 Broadcast ARP Who has 192.168.1.102? Tell 192.168.2.244
10 13.831978 192.168.1.102 192.168.2.244 TCP 4688 > 3001 [SYN] Seq=0 Len=0 MSS=1410 TSV=0 TSER=0
11 13.834047 192.168.2.244 192.168.1.102 TCP 3001 > 4688 [RST, ACK] Seq=0 Ack=1 Win=0 Len=0
12 14.419300 192.168.1.102 192.168.2.244 TCP 4688 > 3001 [SYN] Seq=0 Len=0 MSS=1410 TSV=0 TSER=0
13 14.420570 192.168.2.244 192.168.1.102 TCP 3001 > 4688 [RST, ACK] Seq=0 Ack=1 Win=0 Len=0
14 15.004036 192.168.1.102 192.168.2.244 TCP 4688 > 3001 [SYN] Seq=0 Len=0 MSS=1410 TSV=0 TSER=0
15 15.005463 192.168.2.244 192.168.1.102 TCP 3001 > 4688 [RST, ACK] Seq=0 Ack=1 Win=0 Len=0
16 15.313196 Pronet_61:74:49 Broadcast ARP Who has 192.168.1.102? Tell 192.168.2.244
17 15.868215 192.168.1.102 192.168.2.244 TCP 4690 > 3001 [SYN] Seq=0 Len=0 MSS=1410 TSV=0 TSER=0
18 15.869765 192.168.2.244 192.168.1.102 TCP 3001 > 4690 [RST, ACK] Seq=0 Ack=1 Win=0 Len=0
19 16.399449 192.168.1.102 192.168.2.244 TCP 4690 > 3001 [SYN] Seq=0 Len=0 MSS=1410 TSV=0 TSER=0
20 16.400719 192.168.2.244 192.168.1.102 TCP 3001 > 4690 [RST, ACK] Seq=0 Ack=1 Win=0 Len=0
21 16.956312 192.168.1.102 192.168.2.244 TCP 4690 > 3001 [SYN] Seq=0 Len=0 MSS=1410 TSV=0 TSER=0
22 16.957939 192.168.2.244 192.168.1.102 TCP 3001 > 4690 [RST, ACK] Seq=0 Ack=1 Win=0 Len=0
23 17.123141 Pronet_61:74:49 Broadcast ARP Who has 192.168.1.102? Tell 192.168.2.244
24 17.837798 192.168.1.102 192.168.2.244 TCP 4691 > 3001 [SYN] Seq=0 Len=0 MSS=1410 TSV=0 TSER=0
25 17.839725 192.168.2.244 192.168.1.102 TCP 3001 > 4691 [RST, ACK] Seq=0 Ack=1 Win=0 Len=0
26 18.433957 192.168.1.102 192.168.2.244 TCP 4691 > 3001 [SYN] Seq=0 Len=0 MSS=1410 TSV=0 TSER=0
27 18.435199 192.168.2.244 192.168.1.102 TCP 3001 > 4691 [RST, ACK] Seq=0 Ack=1 Win=0 Len=0
28 18.997466 192.168.1.102 192.168.2.244 TCP 4691 > 3001 [SYN] Seq=0 Len=0 MSS=1410 TSV=0 TSER=0
29 18.999708 192.168.2.244 192.168.1.102 TCP 3001 > 4691 [RST, ACK] Seq=0 Ack=1 Win=0 Len=0
30 19.732899 Pronet_61:74:49 Broadcast ARP Who has 192.168.1.102? Tell 192.168.2.244
31 19.865398 192.168.1.102 192.168.2.244 TCP 4693 > 3001 [SYN] Seq=0 Len=0 MSS=1410 TSV=0 TSER=0
32 19.867017 192.168.2.244 192.168.1.102 TCP 3001 > 4693 [RST, ACK] Seq=0 Ack=1 Win=0 Len=0
33 20.424305 192.168.1.102 192.168.2.244 TCP 4693 > 3001 [SYN] Seq=0 Len=0 MSS=1410 TSV=0 TSER=0
34 20.425485 192.168.2.244 192.168.1.102 TCP 3001 > 4693 [RST, ACK] Seq=0 Ack=1 Win=0 Len=0
35 21.025670 192.168.1.102 192.168.2.244 TCP 4693 > 3001 [SYN] Seq=0 Len=0 MSS=1410 TSV=0 TSER=0
36 21.027142 192.168.2.244 192.168.1.102 TCP 3001 > 4693 [RST, ACK] Seq=0 Ack=1 Win=0 Len=0
37 21.542796 Pronet_61:74:49 Broadcast ARP Who has 192.168.1.102? Tell 192.168.2.244
38 21.919633 192.168.1.102 192.168.2.244 TCP 4694 > 3001 [SYN] Seq=0 Len=0 MSS=1410 TSV=0 TSER=0
39 23.522731 Pronet_61:74:49 Broadcast ARP Who has 192.168.1.102? Tell 192.168.2.244
40 24.817952 192.168.1.102 192.168.2.244 TCP 4694 > 3001 [SYN] Seq=0 Len=0 MSS=1410 TSV=0 TSER=0
41 25.622423 Pronet_61:74:49 Broadcast ARP Who has 192.168.1.102? Tell 192.168.2.244
42 27.432496 Pronet_61:74:49 Broadcast ARP Who has 192.168.1.102? Tell 192.168.2.244
43 29.242159 Pronet_61:74:49 Broadcast ARP Who has 192.168.1.102? Tell 192.168.2.244
I don't see the RST, ACKs when on the host side.For comparison, here the T1:
No. Time Source Destination Protocol Info
1 0.000000 Pronet_61:74:49 Broadcast ARP Who has 192.168.2.244? Gratuitous ARP
2 62.284043 Enterasy_a6:49:42 Broadcast ARP Who has 192.168.2.244? Tell 192.168.2.1
3 62.285489 Pronet_61:74:49 Enterasy_a6:49:42 ARP 192.168.2.244 is at 00:20:4a:61:74:49
4 62.286019 192.168.1.102 192.168.2.244 TCP 1731 > 3001 [SYN] Seq=0 Len=0 MSS=1410 TSV=0 TSER=0
5 62.289464 Pronet_61:74:49 Broadcast ARP Who has 192.168.1.102? Tell 192.168.2.244
6 62.289992 Enterasy_a6:49:42 Pronet_61:74:49 ARP 192.168.1.102 is at 00:01:f4:a6:49:42
7 62.319856 192.168.2.244 192.168.1.102 TCP 3001 > 1731 [SYN, ACK] Seq=0 Ack=1 Win=1024 Len=0 MSS=1024
8 62.327036 192.168.1.102 192.168.2.244 TCP 1731 > 3001 [ACK] Seq=1 Ack=1 Win=16384 Len=0
9 63.234982 192.168.1.102 192.168.2.244 TCP 1731 > 3001 [PSH, ACK] Seq=1 Ack=1 Win=16384 Len=8Looking at this further, is NAT involved?? the ports are incrementing in the first set of replies : 4688, then 4690, 4691, 4693 (that's why I posted so much of it.)