Netgate Discussion Forum
    weird behavior with ping

      obensouda

      We are currently evaluating TNSR as a possible solution for large-scale NAT, and things were going great until we tried to set up our WAN with a public IP on a /29 subnet. We currently have TNSR installed on a VMware ESXi server. We are using a vmnet3 interface on 10GB. After configuring the interface we assigned a public IP and then tried to ping the router, a Ubiquiti Infinity router. We could not ping the router at all. We tried from the router to ping TNSR on the same interface and IP and we had no success.

      We thought it was our configuration and changed to DHCP, and we could NOT get a DHCP resolution. This is where things get weird. We set up a VM with Windows Server and then assigned ourselves to the same network on the same VMware interface card using vmnet3, and we were able to ping both the router and TNSR on the respective IPs.

      Based on this we are sure that there is something weird in TNSR, as we can ping the router on all other networks it connects to.

      When we exit configuration mode we are able to ping the router interface through the manager interface.

        kiokoman LAYER 8 @obensouda

        @obensouda
        Hard to tell without seeing your configuration or logs. I have TNSR on VMware 7, and the only limitation is that vmnet3 does not support MTU 9000; otherwise it works correctly.

        ̿' ̿'\̵͇̿̿\з=(◕_◕)=ε/̵͇̿̿/'̿'̿ ̿
        Please do not use chat/PM to ask for help
        we must focus on silencing this @guest character. we must make up lies and alter the copyrights !
        Don't forget to Upvote with the 👍 button for any post you find to be helpful.

          obensouda @kiokoman

          @kiokoman thanks for getting back to me. Below is my configuration. I did not do anything out of the ordinary and I am perplexed.

          <acl-config xmlns="urn:netgate:xml:yang:netgate-acl">
          <acl-table>
          <acl-list>
          <acl-name>internet-in</acl-name>
          <acl-rules>
          <acl-rule>
          <sequence>10</sequence>
          <acl-rule-description><![CDATA[allow DHCP responses]]></acl-rule-description>
          <action>permit</action>
          <ip-version>ipv4</ip-version>
          <src-first-port>67</src-first-port>
          <src-last-port>67</src-last-port>
          <dst-first-port>68</dst-first-port>
          <dst-last-port>68</dst-last-port>
          <protocol>udp</protocol>
          </acl-rule>
          <acl-rule>
          <sequence>20</sequence>
          <acl-rule-description><![CDATA[Allow ICMP]]></acl-rule-description>
          <action>permit</action>
          <ip-version>ipv4</ip-version>
          <protocol>icmp</protocol>
          </acl-rule>
          <acl-rule>
          <sequence>30</sequence>
          <acl-rule-description><![CDATA[Allow DNS Responses]]></acl-rule-description>
          <action>permit</action>
          <ip-version>ipv4</ip-version>
          <src-first-port>53</src-first-port>
          <src-last-port>53</src-last-port>
          <protocol>udp</protocol>
          </acl-rule>
          </acl-rules>
          </acl-list>
          <acl-list>
          <acl-name>internet-out</acl-name>
          <acl-rules>
          <acl-rule>
          <sequence>10</sequence>
          <acl-rule-description><![CDATA[Reflect All Outbound]]></acl-rule-description>
          <action>reflect</action>
          <ip-version>ipv4</ip-version>
          </acl-rule>
          </acl-rules>
          </acl-list>
          </acl-table>
          </acl-config>
          <dataplane-config xmlns="urn:netgate:xml:yang:netgate-dataplane">
          <ethernet>
          <default-mtu>1500</default-mtu>
          </ethernet>
          <dpdk>
          <dev>
          <id>0000:04:00.0</id>
          <device-type>network</device-type>
          <name>k8s-lan</name>
          </dev>
          <dev>
          <id>0000:0b:00.0</id>
          <device-type>network</device-type>
          <name>data-center</name>
          </dev>
          <dev>
          <id>0000:13:00.0</id>
          <device-type>network</device-type>
          <name>WAN-4G</name>
          </dev>
          <dev>
          <id>0000:1b:00.0</id>
          <device-type>network</device-type>
          <name>LAN-4G</name>
          </dev>
          <uio-driver>igb_uio</uio-driver>
          </dpdk>
          <buffers>
          <buffers-per-numa>32768</buffers-per-numa>
          </buffers>
          <statseg>
          <heap-size>96M</heap-size>
          <per-node-counters>
          <enabled>false</enabled>
          </per-node-counters>
          </statseg>
          </dataplane-config>
          <interfaces-config xmlns="urn:netgate:xml:yang:netgate-interface">
          <interface>
          <name>LAN-4G</name>
          <description><![CDATA[LAN]]></description>
          <enabled>true</enabled>
          <ipv4>
          <address>
          <ip>172.16.0.1/12</ip>
          </address>
          </ipv4>
          </interface>
          <interface>
          <name>WAN-4G</name>
          <description><![CDATA[WAN-4G]]></description>
          <enabled>true</enabled>
          <mtu>1500</mtu>
          <ipv4>
          <address>
          <ip>196.223.151.210/29</ip>
          </address>
          <mtu>1500</mtu>
          </ipv4>
          <access-list>
          <input>
          <acl-list>
          <acl-name>internet-in</acl-name>
          <sequence>10</sequence>
          </acl-list>
          </input>
          <output>
          <acl-list>
          <acl-name>internet-out</acl-name>
          <sequence>10</sequence>
          </acl-list>
          </output>
          </access-list>
          </interface>
          <interface>
          <name>data-center</name>
          <description><![CDATA[data-center]]></description>
          <enabled>true</enabled>
          <ipv4>
          <address>
          <ip>10.1.1.15/16</ip>
          </address>
          </ipv4>
          </interface>
          <interface>
          <name>k8s-lan</name>
          <description><![CDATA[k8s-lan]]></description>
          <enabled>true</enabled>
          <ipv4>
          <address>
          <ip>10.105.0.5/16</ip>
          </address>
          </ipv4>
          </interface>
          </interfaces-config>
          <kea-config xmlns="urn:netgate:xml:yang:netgate-kea">
          <dhcp4-server>
          <Dhcp4>
          <lease-database>
          <type>memfile</type>
          <persist>true</persist>
          <lfc-interval>0</lfc-interval>
          </lease-database>
          <interfaces-config>
          <dhcp-socket-type>raw</dhcp-socket-type>
          </interfaces-config>
          </Dhcp4>
          </dhcp4-server>
          </kea-config>
          <nat-config xmlns="urn:netgate:xml:yang:netgate-nat">
          <global-options>
          <nat44>
          <enabled>false</enabled>
          </nat44>
          </global-options>
          <ipfix>
          <logging>
          <domain>1</domain>
          <src-port>4739</src-port>
          </logging>
          </ipfix>
          <nat64>
          <ngmap:map xmlns:ngmap="urn:netgate:xml:yang:netgate-map">
          <ngmap:parameters>
          <ngmap:security-check>
          <ngmap:enable>true</ngmap:enable>
          </ngmap:security-check>
          </ngmap:parameters>
          </ngmap:map>
          </nat64>
          </nat-config>
          <neighbor-config xmlns="urn:netgate:xml:yang:netgate-neighbor">
          <neighbor-table>
          <interface>
          <if-name>WAN-4G</if-name>
          </interface>
          </neighbor-table>
          </neighbor-config>
          <route-table-config xmlns="urn:netgate:xml:yang:netgate-route-table">
          <static-routes>
          <route-table>
          <name>ipv4-VRF:0</name>
          <id>0</id>
          </route-table>
          </static-routes>
          </route-table-config>
          <route-config xmlns="urn:netgate:xml:yang:netgate-route">
          <dynamic>
          <ngbgp:bgp xmlns:ngbgp="urn:netgate:xml:yang:netgate-bgp">
          <ngbgp:global-options>
          <ngbgp:enable>false</ngbgp:enable>
          </ngbgp:global-options>
          </ngbgp:bgp>
          <ngfrr:manager xmlns:ngfrr="urn:netgate:xml:yang:netgate-frr">
          <ngfrr:global-options>
          <ngfrr:ptm>false</ngfrr:ptm>
          </ngfrr:global-options>
          </ngfrr:manager>
          <ngospf:ospf xmlns:ngospf="urn:netgate:xml:yang:netgate-ospf">
          <ngospf:global-options>
          <ngospf:enable>false</ngospf:enable>
          </ngospf:global-options>
          </ngospf:ospf>
          <ngospf6:ospf6 xmlns:ngospf6="urn:netgate:xml:yang:netgate-ospf6">
          <ngospf6:global-options>
          <ngospf6:enable>false</ngospf6:enable>
          </ngospf6:global-options>
          </ngospf6:ospf6>
          <ngrip:rip xmlns:ngrip="urn:netgate:xml:yang:netgate-rip">
          <ngrip:global-options>
          <ngrip:enable>false</ngrip:enable>
          </ngrip:global-options>
          </ngrip:rip>
          </dynamic>
          </route-config>
          <snmp-config xmlns="https://netgate.com/ns/netgate-snmp">
          <snmp-enable>false</snmp-enable>
          </snmp-config>
          <unbound-config xmlns="urn:netgate:xml:yang:netgate-unbound">
          <daemon>
          <server>
          <do-ip4>true</do-ip4>
          <do-tcp>true</do-tcp>
          <do-udp>true</do-udp>
          <harden-glue>true</harden-glue>
          <hide-identity>true</hide-identity>
          <outgoing-range>4096</outgoing-range>
          </server>
          </daemon>
          </unbound-config>
          <nacm xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-acm">
          <enable-nacm>true</enable-nacm>
          <read-default>deny</read-default>
          <write-default>deny</write-default>
          <exec-default>deny</exec-default>
          <enable-external-groups>true</enable-external-groups>
          <groups>
          <group>
          <name>admin</name>
          <user-name>root</user-name>
          <user-name>tnsr</user-name>
          </group>
          </groups>
          <rule-list>
          <name>admin-rules</name>
          <group>admin</group>
          <rule>
          <name>permit-all</name>
          <module-name>*</module-name>
          <access-operations>*</access-operations>
          <action>permit</action>
          </rule>
          </rule-list>
          </nacm>
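
Added example, not part of obensouda's post and not Netgate code: a small Python check of what the posted `internet-in` ACL admits on WAN-4G. It assumes a simplified model (rules tried in sequence order, first match wins, no match means deny, an absent port range matches any port); the helper names and the test packets are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"a": "urn:netgate:xml:yang:netgate-acl"}

# The internet-in ACL from the post, condensed (descriptions dropped).
ACL_XML = """
<acl-config xmlns="urn:netgate:xml:yang:netgate-acl"><acl-table><acl-list>
<acl-name>internet-in</acl-name><acl-rules>
<acl-rule><sequence>10</sequence><action>permit</action><ip-version>ipv4</ip-version>
 <src-first-port>67</src-first-port><src-last-port>67</src-last-port>
 <dst-first-port>68</dst-first-port><dst-last-port>68</dst-last-port>
 <protocol>udp</protocol></acl-rule>
<acl-rule><sequence>20</sequence><action>permit</action><ip-version>ipv4</ip-version>
 <protocol>icmp</protocol></acl-rule>
<acl-rule><sequence>30</sequence><action>permit</action><ip-version>ipv4</ip-version>
 <src-first-port>53</src-first-port><src-last-port>53</src-last-port>
 <protocol>udp</protocol></acl-rule>
</acl-rules></acl-list></acl-table></acl-config>
"""

def load_rules(xml_text, acl_name):
    """Return the named ACL's rules as dicts, ordered by sequence."""
    root = ET.fromstring(xml_text)
    for acl in root.iterfind(".//a:acl-list", NS):
        if acl.findtext("a:acl-name", namespaces=NS) == acl_name:
            rules = [{el.tag.split("}")[1]: el.text for el in rule}
                     for rule in acl.iterfind(".//a:acl-rule", NS)]
            return sorted(rules, key=lambda r: int(r["sequence"]))
    raise KeyError(acl_name)

def in_range(rule, side, port):
    """An absent port range matches any port (assumed model)."""
    first = rule.get(f"{side}-first-port")
    if first is None:
        return True
    last = rule.get(f"{side}-last-port", first)
    return port is not None and int(first) <= port <= int(last)

def evaluate(rules, proto, sport=None, dport=None):
    """First match wins; no match is treated as deny (assumed model)."""
    for r in rules:
        if r.get("protocol") in (None, proto) and \
           in_range(r, "src", sport) and in_range(r, "dst", dport):
            return r["action"], int(r["sequence"])
    return "deny", None

RULES = load_rules(ACL_XML, "internet-in")
```

Under this model `evaluate(RULES, "icmp")` matches rule 20, so the ACL as posted does not filter ICMP. Rule 30 matches on source port alone, so any inbound UDP datagram from port 53 is permitted whatever its destination port.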

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.