Date:      Sun, 20 Sep 1998 12:31:49 -0700 (PDT)
From:      Allan Saddi <asaddi@philosophysw.com>
To:        freebsd-stable@FreeBSD.ORG
Subject:   Yet more natd problems
Message-ID:  <Pine.BSF.4.02A.9809201231150.15926-100000@shell2.ba.best.com>

This seems to be a popular topic on -stable lately. ;)

I cvsupped on September 18th, at approximately 1:10 am PDT. I made world and
rebuilt my kernel (w/o making any changes to the kernel config file i.e. I
didn't activate bridging or dummynet) about a day later.

This is my topology:

  utopia de0--------ed0 europa ed1---------ISDN router


I run natd by setting the appropriate values in rc.conf, namely:

natd_enable="YES"                # Enable natd if firewall_enable.
natd_interface="ed1"           # Public interface to use with natd if natd_enable.
natd_flags="-redirect_port udp utopia:27901 27901"                   # Additional flags for natd.

(Yes, that redirect is for Quake2 ;)


This is what I did: I set up utopia to monitor icmp packets on its de0
interface. Similarly, I set up europa to monitor packets on its ed1
interface. On utopia, I ping'ed a non-local destination. I gathered the
following output:

utopia: {101} ifconfig de0
de0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.168.42.17 netmask 0xfffffff0 broadcast 192.168.42.31
        ether 00:80:c8:47:47:c5 
        media: autoselect (10baseT/UTP) status: active
        supported media: autoselect 100baseTX <full-duplex> 100baseTX 10baseT/UTP <full-duplex> 10baseT/UTP

europa: {101} ifconfig ed0
ed0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.168.42.19 netmask 0xfffffff0 broadcast 192.168.42.31
        ether 00:80:c8:4d:ae:c7 
europa: {102} ifconfig ed1
ed1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 10.0.0.3 netmask 0xfffffff0 broadcast 10.0.0.15
        ether 00:80:c8:49:0d:c2 

europa# ipfw show
00050          0          0 deny ip from 192.168.42.30 to not 192.168.42.16/28
00100          5        531 divert 8668 ip from any to any via ed1
00100          0          0 allow ip from any to any via lo0
00200          0          0 deny ip from any to 127.0.0.0/8
65000         84       6787 allow ip from any to any
65535          0          0 deny ip from any to any

utopia: {110} ping 171.69.192.182
PING 171.69.192.182 (171.69.192.182): 56 data bytes
^C
--- 171.69.192.182 ping statistics ---
4 packets transmitted, 0 packets received, 100% packet loss

utopia# tcpdump -n -i de0 icmp
tcpdump: listening on de0
12:03:43.478860 192.168.42.17 > 171.69.192.182: icmp: echo request
12:03:44.482127 192.168.42.17 > 171.69.192.182: icmp: echo request
12:03:45.492098 192.168.42.17 > 171.69.192.182: icmp: echo request
12:03:46.503055 192.168.42.17 > 171.69.192.182: icmp: echo request
^C
15 packets received by filter
0 packets dropped by kernel

europa# tcpdump -n -i ed1
tcpdump: listening on ed1
12:03:43.257038 192.168.42.17 > 171.69.192.182: icmp: echo request
12:03:44.260680 192.168.42.17 > 171.69.192.182: icmp: echo request
12:03:45.271052 192.168.42.17 > 171.69.192.182: icmp: echo request
12:03:46.282416 192.168.42.17 > 171.69.192.182: icmp: echo request
^C
4 packets received by filter
0 packets dropped by kernel

europa# ipfw show
00050          0          0 deny ip from 192.168.42.30 to not 192.168.42.16/28
00100          5        531 divert 8668 ip from any to any via ed1
00100          0          0 allow ip from any to any via lo0
00200          0          0 deny ip from any to 127.0.0.0/8
65000         89       7187 allow ip from any to any
65535          0          0 deny ip from any to any


I'm not much of a kernel hacker, but it seems to me that the packets from
utopia aren't being diverted at all, as evidenced by the counters. Also,
the outgoing packets on europa's ed1 interface haven't been aliased
at all.

I hope this helps to hunt down the bug. (From this, I would think the problem
would be somewhere in the kernel portion of ipfirewall.)

-- 
Allan Saddi                         "The Earth is the cradle of mankind,
asaddi@philosophysw.com              but we cannot live in the cradle
http://www.philosophysw.com/asaddi/  forever." - K.E. Tsiolkovsky


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
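
Added example, not part of the original message: the counter comparison described in the post, done mechanically over two `ipfw show` snapshots. The function names `ipfw_delta` and `stalled_diverts` are names chosen for this example; the rule listings are the ones quoted in the message.

```shell
#!/bin/sh
# Added example: compare two `ipfw show` snapshots (rule number, packets, bytes, rule text).

# ipfw_delta BEFORE AFTER -> "<rule> <packet delta> <byte delta> <rule text>" per rule.
ipfw_delta() {
    awk '
        {   # Key on number plus text: several rules may share a number (00100 here).
            body = $4
            for (i = 5; i <= NF; i++) body = body " " $i
            key = $1 " " body
        }
        NR == FNR { p[key] = $2; b[key] = $3; next }
        (key in p) { printf "%s %d %d %s\n", $1, $2 - p[key], $3 - b[key], body }
    ' "$1" "$2"
}

# stalled_diverts BEFORE AFTER -> divert rules that matched no packets
# although some other rule did count traffic in the same interval.
stalled_diverts() {
    ipfw_delta "$1" "$2" | awk '
        $2 > 0 { moved = 1 }
        $4 == "divert" && $2 == 0 { idle[++n] = $0 }
        END { if (moved) for (i = 1; i <= n; i++) print idle[i] }
    '
}

# First snapshot: copied from the first `ipfw show` listing in the message.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/before" <<'EOF'
00050          0          0 deny ip from 192.168.42.30 to not 192.168.42.16/28
00100          5        531 divert 8668 ip from any to any via ed1
00100          0          0 allow ip from any to any via lo0
00200          0          0 deny ip from any to 127.0.0.0/8
65000         84       6787 allow ip from any to any
65535          0          0 deny ip from any to any
EOF
# Second snapshot: the later listing differs only in the counters of rule 65000.
awk '$1 == "65000" { $2 = 89; $3 = 7187 } { print }' "$tmp/before" > "$tmp/after"

stalled_diverts "$tmp/before" "$tmp/after"
```

On a live gateway the two input files would be `ipfw show` output saved before and after the test ping.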