Date:      Tue, 5 Aug 2008 19:12:17 +0300 (EEST)
From:      "Prokofiev S.P." <proks@logos.sky.od.ua>
To:        freebsd-net@freebsd.org
Subject:   ipfw nat/natd
Message-ID:  <20080805191158.F31591@logos.sky.od.ua>


I have a problem with this scheme:

( gw     ) <-----> (   nat_router  ) <-----> ( https )
   real.ip0        real.ip1 10.19.90.1        10.19.90.2

If I use ipfw+natd on nat_router, then redirect to the https server and to
the nat_router local address 10.19.90.1 works well, but with ipfw+nat the
redirect to the nat_router local address fails. Is this a bug?


ipfw+nat schema

- on nat_router
   - ipfw rules
     ipfw nat 1 config if vlan2 log redirect_port tcp 10.19.90.1:5000 5000 \
                                    redirect_port tcp 10.19.90.2:443 443
     ipfw add 500 nat 1 log ip from any to any via vlan2 //  nat
   - iperf -s -p 5000

- on gw
   - iperf -p 5000 -c real.ip1

tcpdump -np -i vlan2 host real.ip0


18:36:08.170034 IP real.ip0.60950 > real.ip1.5000: S 3167071663:3167071663(0) win 65535 <mss 1460,nop,wscale 2,nop,nop,timestamp 785027736 0,sackOK,eol>
18:36:08.170093 IP real.ip1.5000 > real.ip0.60950: S 655190881:655190881(0) ack 3167071664 win 65535 <mss 1460,nop,wscale 3,sackOK,timestamp 3232246011 785027736>
18:36:11.170239 IP real.ip1.5000 > real.ip0.60950: S 655190881:655190881(0) ack 3167071664 win 65535 <mss 1460,nop,wscale 3,sackOK,timestamp 3232246011 785027736>
18:36:11.208523 IP real.ip0.60950 > real.ip1.5000: S 3167071663:3167071663(0) win 65535 <mss 1460,nop,wscale 2,nop,nop,timestamp 785030736 0,sackOK,eol>
18:36:11.208554 IP real.ip1.5000 > real.ip0.60950: S 655190881:655190881(0) ack 3167071664 win 65535 <mss 1460,nop,wscale 3,sackOK,timestamp 3232246011 785030736>
18:36:14.208712 IP real.ip1.5000 > real.ip0.60950: S 655190881:655190881(0) ack 3167071664 win 65535 <mss 1460,nop,wscale 3,sackOK,timestamp 3232246011 785030736>
18:36:14.448772 IP real.ip0.60950 > real.ip1.5000: S 3167071663:3167071663(0) win 65535 <mss 1460,nop,wscale 2,nop,nop,timestamp 785033936 0,sackOK,eol>
18:36:14.448802 IP real.ip1.5000 > real.ip0.60950: S 655190881:655190881(0) ack 3167071664 win 65535 <mss 1460,nop,wscale 3,sackOK,timestamp 3232246011 785033936>
18:36:17.449225 IP real.ip1.5000 > real.ip0.60950: S 655190881:655190881(0) ack 3167071664 win 65535 <mss 1460,nop,wscale 3,sackOK,timestamp 3232246011 785033936>
18:36:17.689771 IP real.ip0.60950 > real.ip1.5000: S 3167071663:3167071663(0) win 65535 <mss 1460,sackOK,eol>
18:36:17.689801 IP real.ip1.5000 > real.ip0.60950: S 655190881:655190881(0) ack 3167071664 win 65535 <mss 1460,nop,wscale 3,sackOK,eol>
18:36:20.689736 IP real.ip1.5000 > real.ip0.60950: S 655190881:655190881(0) ack 3167071664 win 65535 <mss 1460,nop,wscale 3,sackOK,eol>
18:36:20.944763 IP real.ip0.60950 > real.ip1.5000: S 3167071663:3167071663(0) win 65535 <mss 1460,sackOK,eol>
18:36:20.944794 IP real.ip1.5000 > real.ip0.60950: S 655190881:655190881(0) ack 3167071664 win 65535 <mss 1460,nop,wscale 3,sackOK,eol>
18:36:23.945252 IP real.ip1.5000 > real.ip0.60950: S 655190881:655190881(0) ack 3167071664 win 65535 <mss 1460,nop,wscale 3,sackOK,eol>


Thanks all!
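
One way to read a capture like the one above mechanically (an added example, not part of the original message): the script counts SYN and SYN-ACK segments per flow in old-style tcpdump text output and flags handshakes where SYN-ACKs appear in the capture but the client never ACKs. The first five sample lines are abridged from the post's capture; the port-443 flow and the state names are constructed for illustration.

```python
import re
from collections import defaultdict

# Lines 1-5: abridged from the capture in the post (TCP options dropped).
# Lines 6-8: constructed flow that completes, for contrast.
CAPTURE = """\
18:36:08.170034 IP real.ip0.60950 > real.ip1.5000: S 3167071663:3167071663(0) win 65535
18:36:08.170093 IP real.ip1.5000 > real.ip0.60950: S 655190881:655190881(0) ack 3167071664 win 65535
18:36:11.170239 IP real.ip1.5000 > real.ip0.60950: S 655190881:655190881(0) ack 3167071664 win 65535
18:36:11.208523 IP real.ip0.60950 > real.ip1.5000: S 3167071663:3167071663(0) win 65535
18:36:11.208554 IP real.ip1.5000 > real.ip0.60950: S 655190881:655190881(0) ack 3167071664 win 65535
18:40:00.000100 IP real.ip0.60951 > real.ip1.443: S 1000:1000(0) win 65535
18:40:00.000300 IP real.ip1.443 > real.ip0.60951: S 2000:2000(0) ack 1001 win 65535
18:40:00.000900 IP real.ip0.60951 > real.ip1.443: . ack 1 win 65535
"""

# Old-style tcpdump text: "<time> IP <src> > <dst>: <flags> <rest>"
LINE = re.compile(r"^\S+ IP (\S+) > (\S+): (\S+)(.*)$")

def classify(f):
    if f["acked"]:
        return "established"
    if f["synack"]:
        return "synack-unanswered"   # reply seen in capture, client never ACKs
    return "syn-unanswered"          # no reply seen at all

def handshake_states(capture):
    """Map (client, server) -> handshake state plus SYN / SYN-ACK counts."""
    flows = defaultdict(lambda: {"syn": 0, "synack": 0, "acked": False})
    for raw in capture.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        src, dst, flags, rest = m.groups()
        has_ack = " ack " in rest
        if "S" in flags and not has_ack:
            flows[(src, dst)]["syn"] += 1          # client SYN (or retransmit)
        elif "S" in flags:
            flows[(dst, src)]["synack"] += 1       # server SYN-ACK
        elif has_ack and (src, dst) in flows:
            flows[(src, dst)]["acked"] = True      # client completed handshake
    return {k: dict(v, state=classify(v)) for k, v in flows.items()}

if __name__ == "__main__":
    for (client, server), f in handshake_states(CAPTURE).items():
        print(f"{client} -> {server}: {f['state']} "
              f"(SYN x{f['syn']}, SYN-ACK x{f['synack']})")
```

A "synack-unanswered" flow with a growing SYN count means the reply is visible on the captured interface but is not being accepted by the client, which narrows the search to the return path rather than the listening service.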



