RE: IP forward protocol

From: Church, Chuck (cchurch@wamnetgov.com)
Date: Mon Feb 23 2004 - 16:25:11 GMT-3


IP helper is only needed on R3's eth interface. Once R3 converts the allnet broadcast to a directed broadcast, no other 'ip-helpers' along the way will ever touch that packet. Do R1, R2, and R3 have directed broadcasts enabled?

Chuck Church
Lead Design Engineer
CCIE #8776, MCNE, MCSE
Wam!Net Government Services
13665 Dulles Technology Dr. Ste 250
Herndon, VA 20171
Office: 703-480-2569
Cell: 703-819-3495
cchurch@wamnetgov.com
PGP key: http://pgp.mit.edu:11371/pks/lookup?op=index&search=cchurch%40wamnetgov.com
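
Added example, not part of any poster's message: the helper ("where") and forward-protocol ("what") settings discussed in this thread, applied to the R4--R3--R2--R1 lab described below, with `ip directed-broadcast` on the server-facing interface shown in its open form beside an ACL-restricted form. Addresses and interface names are taken from the thread; ACL number 101 is a constructed value. IOS releases from 12.0 onward ship with `ip directed-broadcast` disabled on every interface, so it has to be enabled explicitly where the directed broadcast is turned back into a LAN broadcast.

```cisco
! Constructed example for the lab topology in this thread.
!
! --- R3: first hop for R4's 255.255.255.255 broadcast ---
! WHAT: remove the other default UDP ports so only 69 (TFTP) is forwarded.
no ip forward-protocol udp 37
no ip forward-protocol udp 49
no ip forward-protocol udp 53
no ip forward-protocol udp 67
no ip forward-protocol udp 68
no ip forward-protocol udp 137
no ip forward-protocol udp 138
!
! WHERE: rewrite the destination to the directed broadcast of the server LAN.
interface Ethernet0
 ip helper-address 172.16.2.255
!
! --- R1: router attached to 172.16.2.0/24 ---
! Open form (shown commented out): any packet addressed to 172.16.2.255,
! from any source and on any port, is expanded into a LAN broadcast.
! interface Ethernet0
!  ip directed-broadcast
!
! Restricted form: only TFTP requests sourced from R4's subnet are expanded;
! everything else addressed to 172.16.2.255 hits the implicit deny.
access-list 101 permit udp 3.3.3.0 0.0.0.255 host 172.16.2.255 eq 69
!
interface Ethernet0
 ip directed-broadcast 101
```

`show ip interface Ethernet0` on R3 and R1 reports the configured helper address and whether directed broadcast forwarding is enabled.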

-----Original Message-----
From: Bala Ganesh [mailto:ganesh@topguntechnologies.com]
Sent: Monday, February 23, 2004 1:14 PM
To: Church, Chuck
Cc: ccielab@groupstudy.com; Casey, Paul (6822)
Subject: Re: IP forward protocol

Chuck,

....this is freaking me out..;)

Well, your explanation looks perfect (I understood it wrong earlier) and I
tried it out immediately. I recreated Paul's scenario (modified a little).

(tftp server)--eth0--R1---R2---R3--|--R4

tftp server - ip=172.16.2.189/24
R1 eth0 = 172.16.2.1/24
R1 s0---s0 R2 = 1.1.1.0/30
R2 s1---s1 R3 = 2.2.2.0/30
R3 e0---e0 R4 = 3.3.3.0/24
(EIGRP running between them)

1. I placed ip helper 172.16.2.255 on each interface facing R4 on all the
routers and did a no ip forward to all the default ports except 69.

2. Next, I issued "deb ip udp" on all the routers except R4.

3. Now, I tried "copy run tftp" on R4 with the destination host addr set to
255.255.255.255

and this is the output I got on R3:

02:41:41: UDP: rcvd src=3.3.3.1(1302), dst=255.255.255.255(69), length=20
02:41:41: UDP: forwarded broadcast 69 from 3.3.3.1 to 172.16.2.255 on Serial1
02:41:45: UDP: rcvd src=3.3.3.1(1302), dst=255.255.255.255(69), length=20
02:41:45: UDP: forwarded broadcast 69 from 3.3.3.1 to 172.16.2.255 on Serial1
02:41:50: UDP: rcvd src=3.3.3.1(1302), dst=255.255.255.255(69), length=20
02:41:50: UDP: forwarded broadcast 69 from 3.3.3.1 to 172.16.2.255 on Serial1
02:41:56: UDP: rcvd src=3.3.3.1(1302), dst=255.255.255.255(69), length=20
02:41:56: UDP: forwarded broadcast 69 from 3.3.3.1 to 172.16.2.255 on Serial1
02:42:03: UDP: rcvd src=3.3.3.1(1302), dst=255.255.255.255(69), length=20
02:42:03: UDP: forwarded broadcast 69 from 3.3.3.1 to 172.16.2.255 on Serial1

and on R2, no UDP packets were received... ultimately the TFTP packet never
reached the destination.

Am I missing something here?...hopefully Trinity pitches in with the help of
Oracle

HELP please

----- Original Message -----
From: "Church, Chuck" <cchurch@wamnetgov.com>
To: <patrick.basso>
Cc: "Bala Ganesh" <ganesh@topguntechnologies.com>
Sent: Monday, February 23, 2004 8:00 PM
Subject: RE: IP forward protocol

> Paul,
>
> From your original question, if you wanted to get TFTP broadcasts from one
> side of the network to another, you need a destination address to send the
> broadcasts to. IP helper converts all-nets broadcasts to either a unicast,
> or a directed broadcast. You could enter the broadcast address of R1's eth0
> interface as the helper destination. Now R5 will convert those 8 UDP
> broadcasts to directed broadcasts and send them towards R1. Everything in
> between will need to have forwarding of directed broadcasts enabled. If you
> ONLY want TFTP and not the other 7 defaults forwarded, remove them with:
>
> no ip forward-protocol udp 37
> no ip forward-protocol udp 49
> no ip forward-protocol udp 53
> no ip forward-protocol udp 67
> no ip forward-protocol udp 68
> no ip forward-protocol udp 137
> no ip forward-protocol udp 138
>
> Think of 'ip helper' as WHERE, and 'ip forward-protocol' as WHAT. The
> WHAT just happens to have 8 enabled by default, and can be added to and
> subtracted from at will.
>
> For a humorous look at it, check out: http://www.routergod.com/trinity/
>
> HTH,
>
> Chuck Church
> Lead Design Engineer
> CCIE #8776, MCNE, MCSE
> Wam!Net Government Services
> 13665 Dulles Technology Dr. Ste 250
> Herndon, VA 20171
> Office: 703-480-2569
> Cell: 703-819-3495
> cchurch@wamnetgov.com
> PGP key: http://pgp.mit.edu:11371/pks/lookup?op=index&search=cchurch%40wamnetgov.com
>
> -----Original Message-----
> From: Casey, Paul (6822) [mailto:Paul.Casey@o2.com]
> Sent: Monday, February 23, 2004 2:35 AM
> To: Church, Chuck; Michael Snyder; ccielab@groupstudy.com
> Cc: Bala Ganesh
> Subject: RE: IP forward protocol
>
>
> So I am confused, based on my original question, what the answer is now.
> Also can someone explain the difference between when I forward one of the
> default 8 ports and when I want to forward another type that is not one of
> the 8 default.
>
> Any help appreciated.
> kind regards.
>
>
> -----Original Message-----
> From: Church, Chuck [mailto:cchurch@wamnetgov.com]
> Sent: 22 February 2004 17:16
> To: Michael Snyder; ccielab@groupstudy.com
> Cc: Bala Ganesh
> Subject: RE: IP forward protocol
>
>
> There seems to be a lot of confusion on this subject still. 'IP forward
> protocol' by itself doesn't do anything. It only modifies the behavior of
> IP helper addresses used on interfaces. Configuring an IP helper address on
> an interface without any ip forward protocol commands will change the
> packet's destination address to that configured on the helper address
> statement if (1) the original destination address was 255.255.255.255 and
> (2) the destination protocol was one of the 7 (I think) that are forwarded
> by default. Changing those 7 (using 'ip forward-protocol' and 'no ip
> forward-protocol' statements) will change that behavior for all interfaces
> using a helper address statement. It would block netbios shares if
> broadcasts are the only method of name resolution. Not very effective,
> versus using access lists.
>
> Chuck Church
> Lead Design Engineer
> CCIE #8776, MCNE, MCSE
> Wam!Net Government Services
> 13665 Dulles Technology Dr. Ste 250
> Herndon, VA 20171
> Office: 703-480-2569
> Cell: 703-819-3495
> cchurch@wamnetgov.com
> PGP key: http://pgp.mit.edu:11371/pks/lookup?op=index&search=cchurch%40wamnetgov.com
>
> -----Original Message-----
> From: Michael Snyder [mailto:msnyder@revolutioncomputer.com]
> Sent: Sunday, February 22, 2004 7:52 PM
> To: ccielab@groupstudy.com
> Cc: 'Bala Ganesh'
> Subject: RE: IP forward protocol
>
>
> Does that mean I can turn off netbios shares using?
>
> no ip forward-protocol netbios-dgm
> no ip forward-protocol netbios-ns
> no ip forward-protocol netbios-ss
>
>
> I know someone who has been doing this with an access-list for years.
>
> -----Original Message-----
> From: Bala Ganesh [mailto:ganesh@topguntechnologies.com]
> Sent: Sunday, February 22, 2004 3:53 PM
> To: Casey, Paul (6822); ccielab@groupstudy.com
> Subject: Re: IP forward protocol
>
> Hello,
>
> The scenario which you are asking for needs "ip forward-protocol udp tftp"
> on all the routers.
> The helper command can be used if you want all of the default UDP ports to
> be forwarded.
>
>
>
> ----- Original Message -----
> From: "Casey, Paul (6822)" <Paul.Casey@o2.com>
> To: <ccielab@groupstudy.com>
> Sent: Monday, February 23, 2004 3:06 AM
> Subject: RE: IP forward protocol
>
>
> > Hello,
> >
> > ok, say I have eth0--r1---r2---r3----r4----r5-fa0/0
> >
> > and I want to forward tftp (Trivial File Transfer Protocol (69)) across the
> > network from r5-fa0/0 to r1-eth0
> > how do I do this..?? and not forward all other protocols.
> >
> > When and when not, do I use the helper command, and what configuration do
> > the routers in the middle need.
> >
> > Any help appreciated.
> > Kind regards.
> >
> > ****************************************************************************************
> > Please note as of 31st March 2004 we will not be accepting any email to
> > Digifone.com addresses. From this date please send all emails to O2.com.
> > This E-mail is from O2. The E-mail and any files
> > transmitted with it are confidential and may also be privileged and intended
> > solely for the use of the individual or entity to whom they are addressed.
> > Any unauthorised direct or indirect dissemination, distribution or copying
> > of this message and any attachments is strictly prohibited. If you have
> > received the E-mail in error please notify postmaster@O2.com or
> > telephone ++ 353 1 6095000.
> > ****************************************************************************************
> >
> >
> _______________________________________________________________________
> > Please help support GroupStudy by purchasing your study materials
> from:
> > http://shop.groupstudy.com
> >
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>



This archive was generated by hypermail 2.1.4 : Fri Mar 05 2004 - 07:13:55 GMT-3