Date:      Mon, 31 Jan 2000 12:14:11 -0500
From:      John <papalia@udel.edu>
To:        freebsd-questions@freebsd.org
Subject:   NATD/Divert broken ?
Message-ID:  <4.1.20000131120328.009749c0@mail.udel.edu>

Hey all,

I'm having a small problem with my NATD and my firewall.  Per the
instructions in "The Complete FreeBSD", I added the firewall rule:

divert natd ip from any to any via fxp1

The problem is that this rule is causing partial problems on my loopback
device (lo0).

What happens is that with the rule in place, for some connections within
the box (which definitely go thru lo0), the connections fail.  If I remove
that rule, then the connections within the box can be made, but then I lose
all ability to host my internal 192.168. net.

I have done tcpdumps of both the successful and unsuccessful connections
and have pasted them below.  If the actual tcpdump files would be useful, I
can attach those to a subsequent email. 

Also, I'm currently running 3.3 and am suffering from NO other apparent
problems with lo0 that I can tell.

tcpdumps are below.

Thanks in advance,
John


******
Failed connection, with divert rule in place:
******

12:01:10.744362 merlin.wondermutt.net.3482 > merlin.wondermutt.net.39536: S 1027967984:1027967984(0) win 16384 <mss 16344,nop,wscale 0,nop,nop,timestamp 1000557 0> (DF)
12:01:13.303793 merlin.wondermutt.net.3482 > merlin.wondermutt.net.39536: S 1027967984:1027967984(0) win 16384 <mss 16344,nop,wscale 0,nop,nop,timestamp 1000562 0> (DF)
12:01:19.303910 merlin.wondermutt.net.3482 > merlin.wondermutt.net.39536: S 1027967984:1027967984(0) win 16384 <mss 16344,nop,wscale 0,nop,nop,timestamp 1000574 0> (DF)


******
Successful connection, with rule removed:
******
11:54:38.896272 merlin.wondermutt.net.3478 > merlin.wondermutt.net.3477: S 952881636:952881636(0) win 16384 <mss 16344,nop,wscale 0,nop,nop,timestamp 999774 0> (DF)

11:54:38.896481 merlin.wondermutt.net.3477 > merlin.wondermutt.net.3478: S 952969582:952969582(0) ack 952881637 win 57344 <mss 16344,nop,wscale 0,nop,nop,timestamp 999774 999774> (DF)

11:54:38.896614 merlin.wondermutt.net.3478 > merlin.wondermutt.net.3477: . ack 1 win 57344 <nop,nop,timestamp 999774 999774> (DF)

11:54:41.197580 merlin.wondermutt.net.3478 > merlin.wondermutt.net.3477: P 1:8(7) ack 1 win 57344 <nop,nop,timestamp 999778 999774> (DF)

11:54:41.199426 merlin.wondermutt.net.3477 > merlin.wondermutt.net.3478: . ack 8 win 57344 <nop,nop,timestamp 999778 999778> (DF)

11:54:43.316179 merlin.wondermutt.net.3477 > merlin.wondermutt.net.3478: P 1:8(7) ack 8 win 57344 <nop,nop,timestamp 999783 999778> (DF)

11:54:43.399627 merlin.wondermutt.net.3478 > merlin.wondermutt.net.3477: . ack 8 win 57344 <nop,nop,timestamp 999783 999783> (DF)

11:55:02.390061 merlin.wondermutt.net.3477 > merlin.wondermutt.net.3478: F 23:23(0) ack 22 win 57344 <nop,nop,timestamp 999821 999806> (DF)

11:55:02.390224 merlin.wondermutt.net.3478 > merlin.wondermutt.net.3477: . ack 24 win 57344 <nop,nop,timestamp 999821 999821> (DF)

11:55:02.393047 merlin.wondermutt.net.3478 > merlin.wondermutt.net.3477: F 22:22(0) ack 24 win 57344 <nop,nop,timestamp 999821 999821> (DF)

11:55:02.393168 merlin.wondermutt.net.3477 > merlin.wondermutt.net.3478: . ack 23 win 57344 <nop,nop,timestamp 999821 999821> (DF)

