misc/162739: ipfw+nat redirect_addr option no longer works (as expected?)
Terrence Koeman
terrence at mediamonks.net
Mon Nov 21 22:20:06 UTC 2011
>Number: 162739
>Category: misc
>Synopsis: ipfw+nat redirect_addr option no longer works (as expected?)
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Nov 21 22:20:05 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator: Terrence Koeman
>Release: 8.2-STABLE on 2011.07.10.03.00.00
>Organization:
>Environment:
FreeBSD satanael 8.2-STABLE FreeBSD 8.2-STABLE #30: Mon Nov 21 17:18:52 CET 2011 terrence at satanael:/usr/obj/usr/src/sys/SATANAEL-SMP amd64
compiled from cvs 2011.07.10.03.00.00
>Description:
I updated an 8-STABLE machine recently (last update February 2011) and noticed that the static NAT translations stopped working.
Relevant ipfw rules:
----
$cmd nat 20 config ip $outsidenat \
redirect_addr 172.16.0.70 ext.ext.ext.70 \
redirect_addr 172.16.0.68 ext.ext.ext.68 \
redirect_addr 172.16.0.69 ext.ext.ext.69 \
redirect_addr 172.16.0.71 ext.ext.ext.71 \
redirect_addr 172.16.0.72 ext.ext.ext.72 \
redirect_addr 172.16.0.73 ext.ext.ext.73 \
redirect_addr 172.16.0.74 ext.ext.ext.74 \
redirect_addr 172.16.0.75 ext.ext.ext.75 \
redirect_addr 172.16.0.76 ext.ext.ext.76 \
redirect_addr 172.16.0.77 ext.ext.ext.77
$cmd add 00450 nat 20 all from $insidenet to not $insidenet out via $outside
$cmd add 00500 nat 20 all from any to $outsidenet in via $outside
----
This makes 172.16.0.70-77 get static nat-ed to ext.ext.ext.70-77 and any other 172.16.0.0/12 to $outsidenat.
This works when I use cvs 2011.07.01.03.00.00, and this stops working when I use 2011.07.10.03.00.00.
By 'stops working' I mean that clients 172.16.0.70-77 are translated to $outsidenat instead of ext.ext.ext.70-77 as expected. When I remove the general nat IP (ip $outsidenat), translation ceases entirely.
I suspected that svn commit r223872 (http://lists.freebsd.org/pipermail/svn-src-stable-8/2011-July/005776.html) might be the cause and chose the dates accordingly. The problem seems to be caused by this change.
>How-To-Repeat:
Use cvs 2011.07.10.03.00.00, compile, install kernel & world. redirect_addr stops working.
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
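
A regression check for the behaviour described in this report, as an added example that is not part of the original report or of FreeBSD: it parses a `nat config` line for its `redirect_addr` pairs and flags inside hosts whose post-NAT source address differs from the configured mapping. The function names, the `ext.ext.ext.1` stand-in for `$outsidenat` and the observation list are assumptions constructed for illustration.

```python
import shlex

# Constructed input: the report's "nat 20 config" line after shell expansion,
# cut to three mappings; ext.ext.ext.1 is a made-up stand-in for $outsidenat.
NAT_CONFIG = r"""
nat 20 config ip ext.ext.ext.1 \
redirect_addr 172.16.0.70 ext.ext.ext.70 \
redirect_addr 172.16.0.68 ext.ext.ext.68 \
redirect_addr 172.16.0.69 ext.ext.ext.69
"""

# Constructed observations: (inside source, source seen after NAT), as paired
# from captures on both interfaces. Row one is the symptom from the report;
# 172.16.0.90 has no static mapping and should leave as the alias address.
OBSERVED = [
    ("172.16.0.70", "ext.ext.ext.1"),
    ("172.16.0.68", "ext.ext.ext.68"),
    ("172.16.0.90", "ext.ext.ext.1"),
]


def parse_nat_config(text):
    """Return (alias_ip, {local_ip: public_ip}) from one 'nat N config' line."""
    tokens = shlex.split(text.replace("\\\n", " "))
    alias, static, i = None, {}, 0
    while i < len(tokens):
        if tokens[i] == "ip" and i + 1 < len(tokens):
            alias, i = tokens[i + 1], i + 2
        elif tokens[i] == "redirect_addr" and i + 2 < len(tokens):
            static[tokens[i + 1]] = tokens[i + 2]
            i += 3
        else:
            i += 1
    return alias, static


def find_mismatches(observed, alias, static):
    """List (local, expected, seen) for hosts that left with the wrong source.

    A static redirect_addr mapping wins; any other host uses the alias IP."""
    return [(local, static.get(local, alias), seen)
            for local, seen in observed
            if seen != static.get(local, alias)]


if __name__ == "__main__":
    alias, static = parse_nat_config(NAT_CONFIG)
    for local, want, seen in find_mismatches(OBSERVED, alias, static):
        print(f"{local}: expected {want}, saw {seen}")
```

Only the single `redirect_addr localIP publicIP` form used in the report is parsed; other `nat config` options are skipped.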