misc/116238: natd/ipfw not maintaining interface of udp packets (maybe tcp too?)

Joe Acosta josepha48 at yahoo.com
Sun Sep 9 15:10:04 PDT 2007


>Number:         116238
>Category:       misc
>Synopsis:       natd/ipfw not maintaining interface of udp packets (maybe tcp too?)
>Confidential:   no
>Severity:       non-critical
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Sep 09 22:10:04 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator:     Joe Acosta
>Release:        6.2 p7
>Organization:
>Environment:
FreeBSD gaywayrouter.org 6.2-RELEASE-p7 FreeBSD 6.2-RELEASE-p7 #3: Thu Aug 16 21:54:24 PDT 2007     root at bobthebuilder.gaywayrouter.org:/usr/obj/usr/src/sys/CDGAYWAY  i386

>Description:
natd is natting everything and messing up certain outgoing packets.

So packets coming in on interface INT_IFACE go out EXT_IFACE and come back again.  That works fine as expected. 

However, running a service on the internal interface (INT_IFACE) results in packets going into INT_IFACE and returning from EXT_IFACE.  This was first noticed in isc-dhcp3-server, where the service is not bound to an IP address; it is bound to an interface like INT_IFACE.


For DNS, queries go out EXT_IFACE with the EXT_IP address. Then they come back in and are 'de-natted' and sent to INT_IFACE.

DNS: 

    - query comes in via int iface / ilan
    - query then is natted and sent out ext iface / ext ip 
    - query comes back in via ext iface and denatted 
    - response is sent back to client in iface / ilan


For DHCP, packets are sent broadcast.

    - query comes in via int iface / ilan as broadcast 0.0.0.0 68 to 255.255.255.255 67
    - query then is natted and sent out ext iface / ext ip 
         ----> broadcast OUT Ext interface instead of int iface 
    - client never gets IP address.


Could it be my firewall rules or something else?  Yes, but this setup works with a dhcp binary built with FreeBSD 5.x


>How-To-Repeat:
Install dhcp on a dual NIC box.

Set up a firewall and NAT on the ext NIC using ipfw/natd.

Try to get a DHCP IP address on the internal LAN.


>Fix:


>Release-Note:
>Audit-Trail:
>Unformatted:

