Date:      Tue, 16 May 2017 03:22:10 +0300
From:      Eugene Kazarinov <kamuzon@milshop.ru>
To:        FreeBSD Stable <freebsd-stable@freebsd.org>
Subject:   Re: something is not working: ipfw fwd VIA nat TO tun on FreeBSD-11 stable r318266
Message-ID:  <CAAPCCHcc_goS-pEvru17MP7=rcVECtHiegGegzCHP2Whfmr7zw@mail.gmail.com>
In-Reply-To: <CAAPCCHdvQ-MgzQVKO5ELATU01sJiG-Pyndwt%2Bt0%2BFfLUyE5nSg@mail.gmail.com>
References:  <CAAPCCHdvQ-MgzQVKO5ELATU01sJiG-Pyndwt%2Bt0%2BFfLUyE5nSg@mail.gmail.com>

I downgraded via makeworld etc. from /usr/src to 10.3-STABLE r318297,
and now ipnat.rules is working and mapping forwarded packets.
Maybe I forgot that pf nat didn't map forwarded packets on version 10. I
installed this system some time ago and don't remember which config is applied
(ipnat.rules or pf.conf).

By now I see that ipnat.rules is mapping forwarded packets on 10.3-STABLE
and doesn't map them on FreeBSD-11 stable r318266.
So something in the ipnat mechanism is broken in FreeBSD-11 stable r318266.


2017-05-15 23:28 GMT+03:00 Eugene Kazarinov <kamuzon@milshop.ru>:

> Hello.
> After upgrade from 10.3 stable something broke.
>
> I have tun0
> tun0: flags=8151<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
>         options=80000<LINKSTATE>
>         inet 10.10.0.6 --> 10.10.0.5  netmask 0xffffffff
>         groups: tun
>         Opened by PID 1111
>
> in pf.conf I have rule
> nat on tun0 inet from 192.168.10.0/24 to any -> 10.10.0.6
>
> ipfw forwarding rule:
> ipfw 1500 fwd 10.10.0.5 ip from 192.168.10.0/24 to any via em0
>
> ipfw sh counts
> 01500     1609      102098 fwd 10.10.0.5 ip from 192.168.10.0/24 to any
> via em0
>
> So packets from network 192.168.10.0/24 are forwarded to tun0 and I see them
> there, BUT
> why do I see them not mapped?!
>
> # tcpdump -ni tun0
> 23:02:15.207682 IP 192.168.10.2 > 8.8.8.8: ICMP echo request, id 1, seq
> 2253, length 40
> On the other side of tun0 there are no packets.
>
> If I ping 10.10.0.1 then I see the right packets on both sides of tun0 (so
> tun0 is up and working)
> 23:03:15.989577 IP 10.10.0.6 > 10.10.0.1: ICMP echo request, id 25095,
> seq 0, length 64
> 23:03:15.992260 IP 10.10.0.1 > 10.10.0.6: ICMP echo reply, id 25095, seq
> 0, length 64
>
> Why doesn't pf map packets which are forwarded via ipfw?
>
> BTW
> I'd try
> ipnat.rules
> map tun0 from 192.168.10.0/24 to any -> 10.10.0.6/32
>
> but ipnat doesn't map forwarded packets either. Why?
>
> How to fix it?!
>
>


