Date:      Sun, 12 Dec 1999 22:48:28 +0700
From:      Alexei Sokolski <aleks@post.krascience.rssi.ru>
To:        Roelof Osinga <roelof@nisser.com>
Cc:        freebsd-stable@freebsd.org
Subject:   Re[2]: ifpw forwarding problem
Message-ID:  <2950.991212@cc.krascience.rssi.ru>
In-Reply-To: <384FFEC6.276F4A1E@nisser.com>
References:  <384FFEC6.276F4A1E@nisser.com>

Hello,
10 Dec 1999, Roelof Osinga wrote:
> OK, here it comes. A fresh set of data. This is how it is *now*. Thus
> with FORWARD disabled. Some testscripts are at the end. Maybe you
> can spot the error, I sure can't.
I can't find an error in YOUR scripts.
But I find something wrong in the way ipfw works... (or not?)

 I have a FreeBSD gateway with natd and two interfaces:
    The first is the public de0 - 193.x.x.121.
    The second is the local rl0 - 172.16.0.14.
 One web server at 172.16.0.101:80 and an http client (172.16.0.2). All of
 them are connected to a 10Base-T hub.
 I run a network analyser on the client machine with the capture filter:
 "catch from any_ether to any_ether"
 I am trying to make a redirection from my gateway to my local web server from
 the Internet and the local network.
 Don't ask me why I did it :^(
 
I did several small experiments:
 1) For redirection from the Internet I added a rule to the natd configuration:
 -redirect_port tcp 193.x.x.121:80 172.16.0.101:80
 And this works.
 
 2) I made a forward like Roelof Osinga:
ipfw add 1 fwd 172.16.0.101,80 tcp from any to 172.16.0.14 8080 in via rl0
 In this case the analyser shows a series of packets:
    a) from the client to the gateway to open a tcp connection on port 8080
    b) and my gateway writes in the log file:
      Connection attempt to TCP 172.16.0.14:8080 from 172.16.0.2:some_ports
      
 3) I made a forward:
ipfw add 1 fwd 172.16.0.101,80 tcp from any to 172.16.0.14 8080
 In this case the analyser shows packets
 a) from the client to the gateway - open connection on port 8080
 b) from the gateway to the web server to open a tcp connection to port 8080 (!!!).
There is no service on the web server on port 8080, therefore the client times out
:^((
 
 4) In man ipfw(8) it is written:
  ...
 fwd ipaddr [,port]
                   ...
                   This is intended for use with transparent proxy
                   servers.
                   ...
 And I decided to try a forward like this (from port 80 to port 80):
ipfw add 1 fwd 172.16.0.101,80 tcp from any to 172.16.0.14 80 in via rl0
 In this case the analyser shows a series of packets:
    a) from the client to the gateway to open a tcp connection on port 80
    b) and my gateway writes in the log file:
      Connection attempt to TCP 172.16.0.14:80 from 172.16.0.2:some_ports

 5) Then I made a forward (maybe it works):
ipfw add 1 fwd 172.16.0.101,80 tcp from any to 172.16.0.14 80
 In this case the analyser shows a series of packets
 a) from the client to the gateway - open connection on port 80
 b) from the gateway to the web server to open a tcp connection to port 80.
 c) from the gateway to the client - icmp: Redirect, Use Gateway 172.16.00.14,
 to reach 172.16.00.14 (!!!)
This repeats many times without success, therefore the client times out :^((
 
So, I have a problem (me or everyone?):
Can I make a redirect from IP1:port1 to IP2:port2 with "ipfw..fwd..."?
Or must I use one more natd for that?

All information about the machine is in the files:
$uname -a       uname-a
$ifconfig -a    ifconfig-a
$ipfw list      ipfw_list
file KERNEL     ICMSBRAS

P.S. One more question:
In FreeBSD 2.2.6 with natd on port 8668 on my machine I had:
$netstat -an
Proto Recv-Q Send-Q Local Address         Foreign Address       (state)
tcp        0      0 *.xxx                  *.*                   LISTEN
divert     0      0 *.8668                 *.*                   LISTEN
Active UNIX domain sockets
Address  Type   Recv-Q Send-Q    Inode     Conn     Refs  Nextref Addr

Now when I run natd I have a line with icmp:
$netstat -an
Proto Recv-Q Send-Q Local Address         Foreign Address       (state)
icmp       0      0 *.*                   *.*
tcp        0      0 *.XXX                  *.*                   LISTEN
Active UNIX domain sockets
Address  Type   Recv-Q Send-Q    Inode     Conn     Refs  Nextref Addr

Can you say why???

-----------
Thank you for your help,                           Sokolski Alexei
engineer of technical laboratory
ICM SB RAS