misc/69954: PF Nat with a PPP connection uses wrong addresses

Lawrence Farr l.farr at epcdirect.co.uk
Tue Aug 3 08:40:20 PDT 2004


>Number:         69954
>Category:       misc
>Synopsis:       PF Nat with a PPP connection uses wrong addresses
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Aug 03 15:40:19 GMT 2004
>Closed-Date:
>Last-Modified:
>Originator:     Lawrence Farr
>Release:        -CURRENT
>Organization:
EPC Direct
>Environment:
FreeBSD mollie.epcdirect.co.uk 5.2-CURRENT FreeBSD 5.2-CURRENT #0: Fri Jul 23 01:48:06 BST 2004     root at buildhost.int.epcdirect.co.uk:/usr/obj/usr/src/sys/ROUTER  i386
>Description:
      When using PF's NAT with a PPP dialup, the wrong outgoing address is used by NAT in a round robin form. 
PF rule
nat on $ext_if from $internal_net to any -> ($ext_if)

(Where $ext_if=tun0)


PPP config line:
set ifaddr 10.0.0.1/0 10.0.0.2/0 255.255.255.255 0.0.0.0

Becomes
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
        inet 10.0.0.1 --> 10.0.0.2 netmask 0xffffffff

And when connected:
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
        inet 213.122.204.66 --> 213.120.208.171 netmask 0xffffffff

A tcpdump of a successful connection shows:
21:40:53.176154 IP 213.122.204.66.61726 > 195.10.242.32.110: . ack 82 win 17296
21:40:53.176325 IP 213.122.204.66.61726 > 195.10.242.32.110: F 7:7(0) ack 82 win 17296

But the next connection shows:
21:40:58.187545 IP 10.0.0.1.62059 > 195.10.242.32.110: S 2862758557:2862758557(0) win 16384 <mss 1460,nop,nop,sackOK>
21:41:01.174007 IP 10.0.0.1.62059 > 195.10.242.32.110: S 2862758557:2862758557(0) win 16384 <mss 1460,nop,nop,sackOK>

Note the source address has become the original address for the
PPP connection.
>How-To-Repeat:
      Connect with the ppp config line as shown above and the pf rule and try sequential connections through the NAT router.
>Fix:
      Set NAT to use a specific address rather than tun0
nat on $ext_if from $internal_net to any -> 213.122.204.66
and the problem stops. This is a problem if you get a dynamic IP address.
>Release-Note:
>Audit-Trail:
>Unformatted:
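
One way to spot the symptom described in this report from a capture on the external interface, as an added example (not part of the original report or of FreeBSD): flag every packet that neither comes from nor goes to the interface's current address. The function name `find_nat_leaks` and the final, constructed sample line are assumptions made for the example.

```python
import ipaddress
import re

# Prefix of tcpdump's text output: "HH:MM:SS.usec IP src.port > dst.port:"
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+) IP "
    r"(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+):"
)

def find_nat_leaks(lines, current_addr):
    """Return packets seen on the external interface that neither come from
    nor go to current_addr, i.e. traffic NATed to a stale address."""
    current = ipaddress.ip_address(current_addr)
    leaks = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m is None:
            continue  # not an IPv4 TCP/UDP line in the expected format
        src = ipaddress.ip_address(m["src"])
        dst = ipaddress.ip_address(m["dst"])
        if current in (src, dst):
            continue  # correctly translated outbound packet, or a reply
        leaks.append({
            "time": m["ts"],
            "src": str(src),
            "dst": f"{dst}:{m['dport']}",
            # A private (e.g. RFC 1918) source is unroutable upstream,
            # so no reply can arrive and the SYN is simply retransmitted.
            "private_src": src.is_private,
        })
    return leaks

# The first four lines are the tcpdump output quoted in the report; the last
# line is a constructed inbound reply, added to show replies are not flagged.
SAMPLE = [
    "21:40:53.176154 IP 213.122.204.66.61726 > 195.10.242.32.110: . ack 82 win 17296",
    "21:40:53.176325 IP 213.122.204.66.61726 > 195.10.242.32.110: F 7:7(0) ack 82 win 17296",
    "21:40:58.187545 IP 10.0.0.1.62059 > 195.10.242.32.110: S 2862758557:2862758557(0) win 16384 <mss 1460,nop,nop,sackOK>",
    "21:41:01.174007 IP 10.0.0.1.62059 > 195.10.242.32.110: S 2862758557:2862758557(0) win 16384 <mss 1460,nop,nop,sackOK>",
    "21:40:53.200000 IP 195.10.242.32.110 > 213.122.204.66.61726: . ack 8 win 5840",
]

if __name__ == "__main__":
    for leak in find_nat_leaks(SAMPLE, "213.122.204.66"):
        print(leak)
```

Run against a live capture, the second argument has to be the address currently assigned to tun0, which changes on each dial-up.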

