Date: Mon, 21 Nov 2011 22:19:28 GMT
From: Terrence Koeman <terrence@mediamonks.net>
To: freebsd-gnats-submit@FreeBSD.org
Subject: misc/162739: ipfw+nat redirect_addr option no longer works (as expected?)
Message-ID: <201111212219.pALMJSBb032563@red.freebsd.org>
Resent-Message-ID: <201111212220.pALMK6nI074603@freefall.freebsd.org>
>Number: 162739
>Category: misc
>Synopsis: ipfw+nat redirect_addr option no longer works (as expected?)
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Nov 21 22:20:05 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator: Terrence Koeman
>Release: 8.2-STABLE on 2011.07.10.03.00.00
>Organization:
>Environment:
FreeBSD satanael 8.2-STABLE FreeBSD 8.2-STABLE #30: Mon Nov 21 17:18:52 CET 2011 terrence@satanael:/usr/obj/usr/src/sys/SATANAEL-SMP amd64
compiled from cvs 2011.07.10.03.00.00
>Description:
I updated an 8-STABLE machine recently (last update February 2011) and noticed that the static NAT translations stopped working.

Relevant ipfw rules:

----
$cmd nat 20 config ip $outsidenat \
    redirect_addr 172.16.0.70 ext.ext.ext.70 \
    redirect_addr 172.16.0.68 ext.ext.ext.68 \
    redirect_addr 172.16.0.69 ext.ext.ext.69 \
    redirect_addr 172.16.0.71 ext.ext.ext.71 \
    redirect_addr 172.16.0.72 ext.ext.ext.72 \
    redirect_addr 172.16.0.73 ext.ext.ext.73 \
    redirect_addr 172.16.0.74 ext.ext.ext.74 \
    redirect_addr 172.16.0.75 ext.ext.ext.75 \
    redirect_addr 172.16.0.76 ext.ext.ext.76 \
    redirect_addr 172.16.0.77 ext.ext.ext.77

$cmd add 00450 nat 20 all from $insidenet to not $insidenet out via $outside
$cmd add 00500 nat 20 all from any to $outsidenet in via $outside
----

This makes 172.16.0.70-77 get static nat-ed to ext.ext.ext.70-77 and any other 172.16.0.0/12 to $outsidenat.

This works when I use cvs 2011.07.01.03.00.00, and this stops working when I use 2011.07.10.03.00.00.

With 'stops working' I mean that clients 172.16.0.70-77 are translated to $outsidenat instead of ext.ext.ext.70-77 as expected. When I remove the general nat IP (ip $outsidenat), translation ceases entirely.

I suspected that svn commit r223872 (http://lists.freebsd.org/pipermail/svn-src-stable-8/2011-July/005776.html) might be the cause and chose the dates accordingly.

The problem seems to be caused by this change.
>How-To-Repeat:
Use cvs 2011.07.10.03.00.00, compile, install kernel & world. redirect_addr stops working.
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted: