Date: Tue, 24 Aug 2004 18:55:56 +0300
From: "Kolya Karpov" <kolya@astrons.org>
To: <FreeBSD-gnats-submit@FreeBSD.org>
Subject: i386/70904: ipfilter ipnat problem with h323 proxy support
Message-ID: <002e01c489f2$d76025b0$9917c651@wskolya>
Resent-Message-ID: <200408241600.i7OG0dQp022134@freefall.freebsd.org>

>Number:         70904
>Category:       i386
>Synopsis:       ipfilter ipnat problem with h323 proxy support
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-i386
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Aug 24 16:00:39 GMT 2004
>Closed-Date:
>Last-Modified:
>Originator:     Kolya Karpov
>Release:        FreeBSD 5.2.1-RELEASE-p9 i386
>Organization:
Astrons LTD
>Environment:
System: FreeBSD ns3.astrons.lv 5.2.1-RELEASE-p9 FreeBSD 5.2.1-RELEASE-p9 #0: Sat Aug 21 15:38:30 EEST 2004 root@ns3.apollo.lv:/usr/src/sys/i386/compile/NS i386

FreeBSD 5.2.1-RELEASE-p9 #0: Sat Aug 21 15:38:30 EEST 2004
    root@ns3.apollo.lv:/usr/src/sys/i386/compile/NS
Preloaded elf kernel "/boot/kernel/kernel" at 0xc0676000.
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: Pentium/P54C (150.00-MHz 586-class CPU)
  Origin = "GenuineIntel"  Id = 0x52c  Stepping = 12
  Features=0x1bf<FPU,VME,DE,PSE,TSC,MSR,MCE,CX8>
real memory  = 33554432 (32 MB)
avail memory = 27267072 (26 MB)
Intel Pentium detected, installing workaround for F00F bug
npx0: [FAST]
npx0: <math processor> on motherboard
npx0: INT 16 interface
pcibios: BIOS version 2.10
Using $PIR table, 5 entries at 0xc00fd7b0
pcib0: <Host to PCI bridge> at pcibus 0 on motherboard
pci0: <PCI bus> on pcib0
pci_cfgintr: 0:17 INTA BIOS irq 12
pci_cfgintr: 0:18 INTA BIOS irq 9
pci_cfgintr: 0:19 INTA BIOS irq 10
pci_cfgintr: 0:20 INTA BIOS irq 11
isab0: <PCI-ISA bridge> at device 7.0 on pci0
isa0: <ISA bus> on isab0
atapci0: <Intel PIIX3 WDMA2 controller> port 0xf000-0xf00f at device 7.1 on pci0
ata0: at 0x1f0 irq 14 on atapci0
ata0: [MPSAFE]
ata1: at 0x170 irq 15 on atapci0
ata1: [MPSAFE]
rl0: <RealTek 8139 10/100BaseTX> port 0x6100-0x61ff mem 0xe4001000-0xe40010ff irq 12 at device 17.0 on pci0
rl0: Ethernet address: 00:30:4f:1b:b3:06
miibus0: <MII bus> on rl0
rlphy0: <RealTek internal media interface> on miibus0
rlphy0:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
rl1: <RealTek 8139 10/100BaseTX> port 0x6200-0x62ff mem 0xe4000000-0xe40000ff irq 9 at device 18.0 on pci0
rl1: Ethernet address: 00:40:f4:31:1a:ca
miibus1: <MII bus> on rl1
rlphy1: <RealTek internal media interface> on miibus1
rlphy1:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
pci0: <display, VGA> at device 19.0 (no driver attached)
rl2: <RealTek 8139 10/100BaseTX> port 0x6300-0x63ff mem 0xe4002000-0xe40020ff irq 11 at device 20.0 on pci0
rl2: Ethernet address: 00:e0:7d:f9:e0:34
miibus2: <MII bus> on rl2
rlphy2: <RealTek internal media interface> on miibus2
rlphy2:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
orm0: <Option ROM> at iomem 0xc0000-0xc7fff on isa0
atkbdc0: <Keyboard controller (i8042)> at port 0x64,0x60 on isa0
atkbd0: <AT Keyboard> irq 1 on atkbdc0
kbd0 at atkbd0
sc0: <System console> at flags 0x100 on isa0
sc0: VGA <16 virtual consoles, flags=0x300>
vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
unknown: <PNP0303> can't assign resources (port)
Timecounter "TSC" frequency 150001104 Hz quality 800
Timecounters tick every 1.000 msec
ipfw2 initialized, divert disabled, rule-based forwarding enabled, default to accept, logging limited to 100 packets/entry by default
IP Filter: v3.4.31 initialized.  Default = pass all, Logging = enabled
GEOM: create disk ad0 dp=0xcadf1960
ad0: 1623MB <FUJITSU M1623TAU> [3298/16/63] at ata0-master WDMA2
Mounting root from ufs:/dev/ad0s1a
>Description:
I tried to use the h323 proxy in IPFILTER, but when parsing the ipnat config file I get:

    110 entries flushed from NAT table
    7 entries flushed from NAT list
    1:ioctl(SIOCADNAT): No such file or directory

Here is the ipnat conf file:

    map rl0 0/0 -> 0/32 proxy port 1720 h323/tcp
    map rl0 0/0 -> 0/32 proxy port ftp ftp/tcp
    map rl0 192.168.0.0/24 -> 217.199.99.45/32
    map rl0 192.168.1.0/24 -> 217.199.99.46/32
    rdr rl0 217.199.99.45/32 port 3306 -> 192.168.0.2 port 3306 tcp
    rdr rl0 217.199.99.45/32 port 874 -> 192.168.0.2 port 873 tcp
    rdr rl0 217.199.99.36/32 port 873 -> 192.168.0.2 port 873 tcp
    rdr rl0 217.199.99.37/32 port 873 -> 192.168.0.2 port 873 tcp

The FTP proxy works, but h323 does not.
The kernel is compiled with options IPFILTER IPFILTER_LOG.
I tried adding BRIDGE support and other things like DUMMYNET; the result is the same.
I tried all systems up to 6.0-CURRENT; the bug remains.
>How-To-Repeat:
Install the base system, compile a kernel with IPFILTER support or load the IPFilter module, enable the h323 proxy, and get an error.
>Fix:
I'm not good enough at programming to patch this ;(
>Release-Note:
>Audit-Trail:
>Unformatted:
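
A triage helper for the failure reported above, as an added example that is not part of the original report or of IPFilter: it maps each `N:ioctl(...)` error line from ipnat back to the rule that was refused and lists which proxy rules did load. It assumes the numeric prefix is the 1-based line number in the rules file; the function names are hypothetical, and the inputs are the config and output quoted in the report.

```python
import re

# Rules file and ipnat output exactly as quoted in the report.
IPNAT_CONF = """\
map rl0 0/0 -> 0/32 proxy port 1720 h323/tcp
map rl0 0/0 -> 0/32 proxy port ftp ftp/tcp
map rl0 192.168.0.0/24 -> 217.199.99.45/32
map rl0 192.168.1.0/24 -> 217.199.99.46/32
rdr rl0 217.199.99.45/32 port 3306 -> 192.168.0.2 port 3306 tcp
rdr rl0 217.199.99.45/32 port 874 -> 192.168.0.2 port 873 tcp
rdr rl0 217.199.99.36/32 port 873 -> 192.168.0.2 port 873 tcp
rdr rl0 217.199.99.37/32 port 873 -> 192.168.0.2 port 873 tcp
"""
IPNAT_OUTPUT = """\
110 entries flushed from NAT table
7 entries flushed from NAT list
1:ioctl(SIOCADNAT): No such file or directory
"""

ERR_RE = re.compile(r"^(\d+):ioctl\((SIOC\w+)\):\s*(.+)$")
PROXY_RE = re.compile(r"\bproxy\s+port\s+(\S+)\s+(\w+)/(\w+)")

def rejected_rules(conf_text, output_text):
    """Return one dict per rule the kernel refused, in output order."""
    rules = conf_text.splitlines()
    found = []
    for line in output_text.splitlines():
        m = ERR_RE.match(line.strip())
        if not m:
            continue  # flush counters and other status lines
        lineno = int(m.group(1))
        # Assumption: the prefix is the 1-based line number in the rules file.
        rule = rules[lineno - 1].strip() if 0 < lineno <= len(rules) else None
        proxy = PROXY_RE.search(rule) if rule else None
        found.append({
            "line": lineno, "ioctl": m.group(2), "error": m.group(3),
            "rule": rule, "proxy": proxy.group(2) if proxy else None,
        })
    return found

def loaded_proxies(conf_text, output_text):
    """Proxy names whose rules produced no error line."""
    bad = {r["line"] for r in rejected_rules(conf_text, output_text)}
    return [m.group(2) for n, l in enumerate(conf_text.splitlines(), 1)
            if n not in bad and (m := PROXY_RE.search(l))]

if __name__ == "__main__":
    for r in rejected_rules(IPNAT_CONF, IPNAT_OUTPUT):
        print(f"line {r['line']}: {r['ioctl']} -> {r['error']}\n  {r['rule']}")
```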