Date: Mon, 27 Aug 2007 19:45:13 +0300
From: Fratiman Vladut <vladone@spaingsm.com>
To: ipfw@freebsd.org
Subject: natd load problem. How block some traffic with ipfw
Message-ID: <46D2FF99.1020303@spaingsm.com>

Hi!

I'm using FreeBSD 5.4 with ipfw+natd+dummynet. Everything works well, except that sometimes the natd daemon requires too many resources. I ran natd in verbose mode and I found some traffic that is strange to me. For example:

    In {default} 0000ffff[TCP] [TCP] 89.38.249.21:4111 -> myIP:1085 aliased to [TCP] 89.38.249.21:4111 -> myIP:1085
    In {default} 0000ffff[UDP] [UDP] 196.219.167.100:1831 -> myIP:20278 aliased to [UDP] 196.219.167.100:1831 -> myIP:20278
    In {default} 0000ffff[TCP] [TCP] 64.125.154.81:39840 -> myIP:2800 aliased to [TCP] 64.125.154.81:39840 -> myIP:2800

It's like natd doesn't change the destination IP. I don't have applications running on the server that listen on these ports 1085, 20278, 2800, ... Usually natd changes the destination IP for packets according to some internal tables. So what is with this traffic? I don't have public IPs in my LAN, only private ones.

Some legitimate traffic looks like this:

    In {default} 0000ffff[UDP] [UDP] 89.39.74.183:31336 -> myIP:17324 aliased to [UDP] 89.39.74.183:31336 -> 10.0.0.115:17324

If this is some illegal traffic, how can it be blocked with ipfw?
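The distinction the message draws between the two kinds of natd verbose lines can be checked mechanically. The following is an added example, not part of the original post: it parses lines in the format quoted above and counts inbound packets whose destination natd left unchanged, per protocol and port. The function names are hypothetical and the sample input is the four lines from the message.

```python
import re
from collections import Counter

# The four natd verbose lines quoted in the message above; "myIP" is the
# poster's own redaction of the gateway's public address.
SAMPLE = """\
In {default} 0000ffff[TCP] [TCP] 89.38.249.21:4111 -> myIP:1085 aliased to [TCP] 89.38.249.21:4111 -> myIP:1085
In {default} 0000ffff[UDP] [UDP] 196.219.167.100:1831 -> myIP:20278 aliased to [UDP] 196.219.167.100:1831 -> myIP:20278
In {default} 0000ffff[TCP] [TCP] 64.125.154.81:39840 -> myIP:2800 aliased to [TCP] 64.125.154.81:39840 -> myIP:2800
In {default} 0000ffff[UDP] [UDP] 89.39.74.183:31336 -> myIP:17324 aliased to [UDP] 89.39.74.183:31336 -> 10.0.0.115:17324
"""

# One "[PROTO] src:port -> dst:port" group as it appears in the lines above.
FLOW = re.compile(r"\[(\w+)\]\s+(\S+):(\d+)\s+->\s+(\S+):(\d+)")

def parse_line(line):
    """Return a dict for one 'X aliased to Y' line, or None if it does not match."""
    before, sep, after = line.partition(" aliased to ")
    if not sep:
        return None
    b, a = FLOW.search(before), FLOW.search(after)
    if not (b and a):
        return None
    return {
        "direction": line.split(None, 1)[0],
        "proto": b.group(1),
        "src": b.group(2),
        "dport": int(b.group(5)),
        "orig_dst": b.group(4),
        "new_dst": a.group(4),
        # Unchanged destination: natd rewrote nothing, so the packet stays
        # addressed to the gateway itself.
        "translated": (b.group(4), b.group(5)) != (a.group(4), a.group(5)),
    }

def untranslated_inbound(lines):
    """Count inbound packets whose destination natd left unchanged, per (proto, port)."""
    hits = Counter()
    for rec in filter(None, map(parse_line, lines)):
        if rec["direction"] == "In" and not rec["translated"]:
            hits[(rec["proto"], rec["dport"])] += 1
    return hits

if __name__ == "__main__":
    for (proto, port), n in untranslated_inbound(SAMPLE.splitlines()).most_common():
        print(f"{n:6d}  {proto} -> port {port}  (destination unchanged)")
```

The ports it reports are the ones to compare against what the gateway actually listens on; natd(8) also documents a `-deny_incoming` option for incoming packets that have no entry in the translation table.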