I ran into this interesting error while configuring a new OpenBSD 3.4 SPARC nat/firewall.

bash-2.05b# telnet 10.200.201.15 80
Trying 10.200.201.15...
telnet: connect to address 10.200.201.15: Invalid argument
bash-2.05b#

[same for ssh and everything except ping]

Now here is what makes it interesting. 10.200.201.15 was one of a dozen virtual interfaces on a Linux box that worked perfectly well when accessed from other systems on the same network. The system that had this error was able to connect via the same interface and PF filter set to all the other virtual IPs on that Linux box and was able to 'ping' this address.

The related PF.CONF entries, which were identical to all the others except for the number 15, were:

--------------------------------------------------------------------
hst55 = "external address"
vhst15 = "10.200.201.15"
table <int_hst> { $vhst13, $vhst14, $vhst15, $vhst16 } [shortened]
rdr on $ext_if proto { tcp, udp } from any to $hst55/32 port $web_prt -> $vhst15
pass out on $int_if proto { tcp, udp } from any to <int_hst> port $web_prt
pass in log on $ext_if proto tcp from any to <int_hst> \
    port { 22, 80, 443 } keep state
--------------------------------------------------------------------

Now, here is what is interesting. After one hour of fussing and multiple reboots, I changed the virtual server on the Linux box to 10.200.201.17 and all the PF.CONF entries from 15 -> 17 and everything worked!

--------------------------------------------------------------------

My question: What could have been so "special" about 10.200.201.15 to cause it to fail in that manner?

Linolil

On 4 Jan 2004 14:57:51 -0800, Linolil wrote:
> My question: What could have been so "special" about 10.200.201.15
> to cause it to fail in that manner?

It could have been one of the configured networks' broadcast address (see ifconfig output), that would cause the quoted error (while pf doesn't, it may only create a 'No route to host' error).

Daniel
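
The check suggested in the reply above, as an added example that is not part of the original thread: it reads BSD-style ifconfig output and reports every configured network whose broadcast address equals the address that fails to connect. The thread does not show the firewall's real ifconfig output, so the interface name `hme0`, the /28 alias and the function names are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample in BSD ifconfig style. The interface name, the addresses
# on it and the netmasks are assumptions, not values taken from the thread.
SAMPLE_IFCONFIG = """\
hme0: flags=8863<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 10.200.201.1 netmask 0xffffff00 broadcast 10.200.201.255
        inet 10.200.201.14 netmask 0xfffffff0 broadcast 10.200.201.15
lo0: flags=8009<UP,LOOPBACK,MULTICAST> mtu 33224
        inet 127.0.0.1 netmask 0xff000000
"""

# Matches "inet <addr> netmask <mask>"; inet6 lines do not match.
INET_RE = re.compile(r"^\s+inet\s+(\S+)\s+netmask\s+(\S+)")


def configured_networks(ifconfig_text):
    """Yield (interface, IPv4Network) for every IPv4 address line."""
    iface = None
    for line in ifconfig_text.splitlines():
        if line and not line[0].isspace():
            iface = line.split(":", 1)[0]  # unindented line starts a new interface
            continue
        m = INET_RE.match(line)
        if not m:
            continue
        addr, mask = m.groups()
        if mask.lower().startswith("0x"):
            # BSD ifconfig prints the netmask in hex; convert to dotted quad
            mask = str(ipaddress.IPv4Address(int(mask, 16)))
        yield iface, ipaddress.ip_network(f"{addr}/{mask}", strict=False)


def broadcast_conflicts(target, ifconfig_text):
    """Return (interface, network) pairs whose broadcast address is target."""
    ip = ipaddress.ip_address(target)
    hits = []
    for iface, net in configured_networks(ifconfig_text):
        if net.prefixlen >= 31:
            continue  # /31 and /32 have no separate broadcast address
        if ip == net.broadcast_address:
            hits.append((iface, str(net)))
    return hits


if __name__ == "__main__":
    for candidate in ("10.200.201.15", "10.200.201.17"):
        print(candidate, broadcast_conflicts(candidate, SAMPLE_IFCONFIG))
```

With the constructed /28 alias, 10.200.201.15 is flagged and 10.200.201.17 is not; run against real ifconfig output, an empty result for the failing address would rule this explanation out.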