Date:      Tue, 10 Jul 2001 11:09:34 +0200
From:      Bohuslav Plucinsky <plk@in.nextra.sk>
To:        freebsd-net@freebsd.org
Cc:        freebsd-questions@freebsd.org, suutari@iki.fi, ru@freebsd.org
Subject:   natd and ICMP 3.4 packets
Message-ID:  <20010710110934.D1048@in.nextra.sk>

Hi there,

I have a strange problem with natd and ICMP 3.4 (destination unreachable/
fragmentation needed) packets.

Situation:

  - we have a FreeBSD 4.2-20001228-STABLE box with ipfw and natd configured
    xl0 interface has public address 195.168.x.x
    xl1 interface is connected to our intranet with private addr 10.10.1.1
    ipfw show:
       00100       0          0 allow ip from any to any via lo0
       ...
       09200       0          0 divert 8668 ip from any to any via xl0
       09300       0          0 allow ip from any to any

    natd is running with arguments: natd -n xl0

  - behind the FreeBSD box is a Cisco router with a GRE tunnel


 195.168.x.x
     xl0 ---------  xl1                          10.10.1.0/24 (MTU 1500)
 -------| FreeBSD |------------------------------------------------------.... 
         ---------               |
        ipfw +NAT                |
                                 |
                                 |  10.10.1.2
                             ----------
                            |  CISCO 1 |
                             ----------
                                ||
                                ||
                                ||  GRE tunnel (MTU 1476)
                                ||
                                ||
                                ||
                             ----------
                            |  CISCO 2 |
                             ----------
                                 |           10.10.20.0/24         ----
                                 ---------------------------------| PC |
                                                                   ----
                                                                10.10.20.2

Problem:

    If the Cisco router CISCO 1 sends an ICMP 3.4 packet to any server on the
    Internet, natd on the FreeBSD box aliases the data inside the ICMP packet,
    but not the IP headers. Here is the tcpdump on the xl1 interface:

11:56:54.376974 10.10.1.2 > 195.168.3.210: icmp: 10.10.20.2 unreachable - need to frag (mtu 1476)

   and on the xl0 interface:

11:56:55.216974 10.10.1.2 > 195.168.3.210: icmp: 195.168.x.x unreachable - need to frag (mtu 1476)
                ^^^^^^^^^                        ^^^^^^^^^^^
   Is this a bug in natd, or have I made some mistake in the configuration?

Regards,


-- 

======================================================================
 Bohus PLUCINSKY                            e-mail: plk@in.nextra.sk
 Network Engineer
  
 N E X T R A 			
 Plynarenska 1                              tel: +421 7 58 228 111	
 824 71 Bratislava 26                       fax: +421 7 58 228 222
 S L O V A K I A                            http://www.nextra.sk
=======================================================================
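
Added example, not part of the original message: a Python check that parses an ICMP type 3 code 4 packet and reports RFC 1918 addresses that are still visible on the public side of the NAT, in the outer IP header or in the quoted inner header. The packets are constructed from the two tcpdump lines above; 192.0.2.1 is a placeholder for the masked 195.168.x.x address, and the quoted packet's source (195.168.3.210) and protocol (TCP) are assumptions.

```python
import ipaddress
import struct

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    return any(ipaddress.ip_address(addr) in net for net in RFC1918)

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header, DF set, checksum left at 0 (constructed test data)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0x4000, 64, proto, 0,
                       ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)

def frag_needed(outer_src, outer_dst, inner_src, inner_dst, mtu):
    """Constructed ICMP 3.4 packet quoting the original IP header plus 8 payload bytes."""
    quoted = ipv4_header(inner_src, inner_dst, 6, 8) + bytes(8)
    icmp = struct.pack("!BBHHH", 3, 4, 0, 0, mtu) + quoted  # type, code, cksum, unused, MTU
    return ipv4_header(outer_src, outer_dst, 1, len(icmp)) + icmp

def parse_frag_needed(packet):
    """Return outer/quoted addresses and next-hop MTU, or None if not ICMP 3.4."""
    ihl = (packet[0] & 0x0F) * 4 if packet else 0
    if ihl < 20 or len(packet) < ihl + 28 or packet[9] != 1:
        return None
    icmp_type, code, _cksum, _unused, mtu = struct.unpack_from("!BBHHH", packet, ihl)
    if (icmp_type, code) != (3, 4):
        return None
    inner = ihl + 8  # the quoted IP header starts after the 8-byte ICMP header
    addr = lambda off: str(ipaddress.ip_address(packet[off:off + 4]))
    return {"outer_src": addr(12), "outer_dst": addr(16),
            "inner_src": addr(inner + 12), "inner_dst": addr(inner + 16), "mtu": mtu}

def nat_findings(packet):
    """Findings for a packet captured on the public side of the NAT."""
    info = parse_frag_needed(packet)
    if info is None:
        return []
    findings = []
    if is_rfc1918(info["outer_src"]):
        findings.append("outer source %s not translated" % info["outer_src"])
    if is_rfc1918(info["inner_dst"]):
        findings.append("quoted destination %s not translated" % info["inner_dst"])
    return findings

# Constructed packets; PUBLIC stands in for the masked 195.168.x.x address.
PUBLIC = "192.0.2.1"
ON_XL1 = frag_needed("10.10.1.2", "195.168.3.210", "195.168.3.210", "10.10.20.2", 1476)
ON_XL0 = frag_needed("10.10.1.2", "195.168.3.210", "195.168.3.210", PUBLIC, 1476)
EXPECTED = frag_needed(PUBLIC, "195.168.3.210", "195.168.3.210", PUBLIC, 1476)
```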
