6.1 strange gre behavior

Stephen Clark Stephen.Clark at seclark.us
Fri Feb 15 13:22:42 UTC 2008 

Hello List,

Has anybody ever tried to use either ipf or ipfw to redirect packets 
coming off of a gre interface?

When I try it I get the the packet repeated multiple times on the 
destination interface. I have tried it
with both ipf and ipfw/natd with the same results.

I have packets coming in the gre interface to a local ip address that I 
am trying to redirect to an ip that exist out on a network
off a different interface.

This is my ipnat redirect rule:
rdr gre3 65.162.182.41/32 port 3655 -> 172.18.26.8 port 3655 tcp/udp

This is from the source end of the gre tunnel:
sclark# hping -S -c 1 -p 3655 65.162.182.41
HPING 65.162.182.41 (vr0 65.162.182.41): S set, 40 headers + 0 data bytes

--- 65.162.182.41 hping statistic ---
1 packets tramitted, 0 packets received, 100% packet loss
round-trip min/avg/max = 0.0/0.0/0.0 ms


This is a tcpdump on the destination of the gre tunnel:
[root at J301002 ~]# tcpdump -nlvi gre3
tcpdump: listening on gre3, link-type NULL (BSD loopback), capture size 
96 bytes
08:17:01.561045 IP (tos 0x0, ttl  64, id 35844, offset 0, flags [none], 
proto: TCP (6), length: 40) 192.168.11.1.2495 > 65.162.182.41.3655: S, 
cksum 0x62e2 (correct), 221136318:221136318(0) win 512
08:17:01.561498 IP (tos 0x0, ttl  64, id 29833, offset 0, flags [none], 
proto: ICMP (1), length: 68) 192.168.10.1 > 192.168.11.1: ICMP time 
exceeded in-transit, length 48
        IP (tos 0x0, ttl   1, id 35844, offset 0, flags [none], proto: 
TCP (6), length: 40) 192.168.11.1.2495 > 172.18.26.8.3655: S, cksum 
0x9493 (correct), 221136318:221136318(0) win 512

This is a tcpdump of the interface the packet comming from the gre 
tunnel is be redirected to - look how many packets there are !!!!!!!:
[root at J301002 ~]# tcpdump -nli rl0 host 172.18.26.8
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on rl0, link-type EN10MB (Ethernet), capture size 96 bytes
08:17:01.561109 IP 192.168.11.1.2495 > 172.18.26.8.3655: S 
221136318:221136318(0) win 512
08:17:01.561120 IP 192.168.11.1.2495 > 172.18.26.8.3655: S 
221136318:221136318(0) win 512
08:17:01.561127 IP 192.168.11.1.2495 > 172.18.26.8.3655: S 
221136318:221136318(0) win 512
08:17:01.561133 IP 192.168.11.1.2495 > 172.18.26.8.3655: S 
221136318:221136318(0) win 512
08:17:01.561138 IP 192.168.11.1.2495 > 172.18.26.8.3655: S 
221136318:221136318(0) win 512
08:17:01.561144 IP 192.168.11.1.2495 > 172.18.26.8.3655: S 
221136318:221136318(0) win 512
08:17:01.561150 IP 192.168.11.1.2495 > 172.18.26.8.3655: S 
221136318:221136318(0) win 512
08:17:01.561156 IP 192.168.11.1.2495 > 172.18.26.8.3655: S 
221136318:221136318(0) win 512
08:17:01.561161 IP 192.168.11.1.2495 > 172.18.26.8.3655: S 
221136318:221136318(0) win 512
08:17:01.561167 IP 192.168.11.1.2495 > 172.18.26.8.3655: S 
221136318:221136318(0) win 512
08:17:01.561173 IP 192.168.11.1.2495 > 172.18.26.8.3655: S 
221136318:221136318(0) win 512
08:17:01.561178 IP 192.168.11.1.2495 > 172.18.26.8.3655: S 
221136318:221136318(0) win 512
08:17:01.561184 IP 192.168.11.1.2495 > 172.18.26.8.3655: S 
221136318:221136318(0) win 512
08:17:01.561190 IP 192.168.11.1.2495 > 172.18.26.8.3655: S 
221136318:221136318(0) win 512
08:17:01.561195 IP 192.168.11.1.2495 > 172.18.26.8.3655: S 
221136318:221136318(0) win 512
08:17:01.561201 IP 192.168.11.1.2495 > 172.18.26.8.3655: S 
221136318:221136318(0) win 512
08:17:01.561207 IP 192.168.11.1.2495 > 172.18.26.8.3655: S 
221136318:221136318(0) win 512
08:17:01.561213 IP 192.168.11.1.2495 > 172.18.26.8.3655: S 
221136318:221136318(0) win 512
08:17:01.561219 IP 192.168.11.1.2495 > 172.18.26.8.3655: S 
221136318:221136318(0) win 512
08:17:01.561235 IP 192.168.11.1.2495 > 172.18.26.8.3655: S 
221136318:221136318(0) win 512
08:17:01.561241 IP 192.168.11.1.2495 > 172.18.26.8.3655: S 
221136318:221136318(0) win 512
08:17:01.561247 IP 192.168.11.1.2495 > 172.18.26.8.3655: S 
221136318:221136318(0) win 512
08:17:01.561254 IP 192.168.11.1.2495 > 172.18.26.8.3655: S 
221136318:221136318(0) win 512
08:17:01.561259 IP 192.168.11.1.2495 > 172.18.26.8.3655: S 
221136318:221136318(0) win 512
08:17:01.561265 IP 192.168.11.1.2495 > 172.18.26.8.3655: S 
221136318:221136318(0) win 512
08:17:01.561271 IP 192.168.11.1.2495 > 172.18.26.8.3655: S 
221136318:221136318(0) win 512
08:17:01.561277 IP 192.168.11.1.2495 > 172.18.26.8.3655: S 
221136318:221136318(0) win 512
08:17:01.561283 IP 192.168.11.1.2495 > 172.18.26.8.3655: S 
221136318:221136318(0) win 512
08:17:01.561288 IP 192.168.11.1.2495 > 172.18.26.8.3655: S 
221136318:221136318(0) win 512
08:17:01.561294 IP 192.168.11.1.2495 > 172.18.26.8.3655: S 
221136318:221136318(0) win 512
08:17:01.561300 IP 192.168.11.1.2495 > 172.18.26.8.3655: S 
221136318:221136318(0) win 512
08:17:01.561306 IP 192.168.11.1.2495 > 172.18.26.8.3655: S 
221136318:221136318(0) win 512
08:17:01.561312 IP 192.168.11.1.2495 > 172.18.26.8.3655: S 
221136318:221136318(0) win 512
08:17:01.561317 IP 192.168.11.1.2495 > 172.18.26.8.3655: S 
221136318:221136318(0) win 512
08:17:01.561323 IP 192.168.11.1.2495 > 172.18.26.8.3655: S 
221136318:221136318(0) win 512
08:17:01.561329 IP 192.168.11.1.2495 > 172.18.26.8.3655: S 
221136318:221136318(0) win 512
08:17:01.561335 IP 192.168.11.1.2495 > 172.18.26.8.3655: S 
221136318:221136318(0) win 512
08:17:01.561341 IP 192.168.11.1.2495 > 172.18.26.8.3655: S 
221136318:221136318(0) win 512
08:17:01.561347 IP 192.168.11.1.2495 > 172.18.26.8.3655: S 
221136318:221136318(0) win 512
08:17:01.561353 IP 192.168.11.1.2495 > 172.18.26.8.3655: S 
221136318:221136318(0) win 512
08:17:01.561359 IP 192.168.11.1.2495 > 172.18.26.8.3655: S 
221136318:221136318(0) win 512
08:17:01.561364 IP 192.168.11.1.2495 > 172.18.26.8.3655: S 
221136318:221136318(0) win 512
08:17:01.561370 IP 192.168.11.1.2495 > 172.18.26.8.3655: S 
221136318:221136318(0) win 512
08:17:01.561376 IP 192.168.11.1.2495 > 172.18.26.8.3655: S 
221136318:221136318(0) win 512
08:17:01.561381 IP 192.168.11.1.2495 > 172.18.26.8.3655: S 
221136318:221136318(0) win 512
08:17:01.561387 IP 192.168.11.1.2495 > 172.18.26.8.3655: S 
221136318:221136318(0) win 512
08:17:01.561393 IP 192.168.11.1.2495 > 172.18.26.8.3655: S 
221136318:221136318(0) win 512
08:17:01.561399 IP 192.168.11.1.2495 > 172.18.26.8.3655: S 
221136318:221136318(0) win 512
08:17:01.561405 IP 192.168.11.1.2495 > 172.18.26.8.3655: S 
221136318:221136318(0) win 512
08:17:01.561411 IP 192.168.11.1.2495 > 172.18.26.8.3655: S 
221136318:221136318(0) win 512
08:17:01.561417 IP 192.168.11.1.2495 > 172.18.26.8.3655: S 
221136318:221136318(0) win 512
08:17:01.561422 IP 192.168.11.1.2495 > 172.18.26.8.3655: S 
221136318:221136318(0) win 512
08:17:01.561428 IP 192.168.11.1.2495 > 172.18.26.8.3655: S 
221136318:221136318(0) win 512
08:17:01.561434 IP 192.168.11.1.2495 > 172.18.26.8.3655: S 
221136318:221136318(0) win 512
08:17:01.561440 IP 192.168.11.1.2495 > 172.18.26.8.3655: S 
221136318:221136318(0) win 512
08:17:01.561445 IP 192.168.11.1.2495 > 172.18.26.8.3655: S 
221136318:221136318(0) win 512
08:17:01.561451 IP 192.168.11.1.2495 > 172.18.26.8.3655: S 
221136318:221136318(0) win 512
08:17:01.561457 IP 192.168.11.1.2495 > 172.18.26.8.3655: S 
221136318:221136318(0) win 512
08:17:01.561463 IP 192.168.11.1.2495 > 172.18.26.8.3655: S 
221136318:221136318(0) win 512
08:17:01.561469 IP 192.168.11.1.2495 > 172.18.26.8.3655: S 
221136318:221136318(0) win 512
08:17:01.561474 IP 192.168.11.1.2495 > 172.18.26.8.3655: S 
221136318:221136318(0) win 512
08:17:01.561480 IP 192.168.11.1.2495 > 172.18.26.8.3655: S 
221136318:221136318(0) win 512
08:17:01.561486 IP 192.168.11.1.2495 > 172.18.26.8.3655: S 
221136318:221136318(0) win 512

Any help or ideas would be greatly appreciated.

Regards,
Steve

-- 

"They that give up essential liberty to obtain temporary safety, 
deserve neither liberty nor safety."  (Ben Franklin)

"The course of history shows that as a government grows, liberty 
decreases."  (Thomas Jefferson)

More information about the freebsd-net mailing list