Date:      Thu, 06 Apr 2000 23:14:20 -0400 (EDT)
From:      Mike Heffner <mheffner@mailandnews.com>
To:        cjclark@home.com
Cc:        FreeBSD-ipfw <FreeBSD-ipfw@freebsd.org>
Subject:   Re: Problems with natd
Message-ID:  <XFMail.20000406231420.mheffner@mailandnews.com>
In-Reply-To: <20000406182957.E4198@cc942873-a.ewndsr1.nj.home.com>


On 06-Apr-2000 Crist J. Clark wrote:
  | Feel free to ... 
        [snip]

Well, I have examined the problem some more, and well, haven't achieved much
other than to confuse myself more...

_With_ natd running and divert ipfw rule:

the packets seem to be going out the line fine and were reaching your host,
because I was getting the ICMP "admin blocked..." off of the auth port.
But, when I try 25, 23, whatever, there are no response
packets at all, it will just keep sending SYNs.


_Without_ natd running and without divert rule:

I still get the ICMP packets off of auth, like expected, but I'm ALSO able to
connect to 23, 25,..., and get a response (i.e., everything works just like it
should).

It seems that FBSD sets the IP "type of service"
field now, compared to about 2 months ago when it was never used. My box was
setting it to 0x10, is there a reason that it is now used? This doesn't seem to
matter though, because it's set with and without natd running.

Hrm, this is all very strange because it looks like the packets are arriving at
a host (since your host was sending the ICMP admin blocked stuff) but for some
reason UDP and TCP replies aren't coming back. At first I thought maybe natd
was somehow dropping the incoming packets, but I've logged everything coming in
_before_ diverting to natd and the packets still aren't there. I have even
put printf's in ipfw kernel code to see if maybe the packets were being
silently dropped in ipfw before it checks the rules, but they still don't
appear.


Anyone have any other approach to the problem I can attempt?

/****************************************
 * Mike Heffner <spock@techfour.net>    *
 * Fredericksburg, VA      ICQ# 882073  *
 * Sent at: 06-Apr-2000 -- 22:39:01 EST *
 * http://my.ispchannel.com/~mheffner   *
 ****************************************/

