i386/157379: mtr does not work if I use ipfw nat
Eugen Konkov
kes-kes at yandex.ru
Sat May 28 11:30:09 UTC 2011
>Number: 157379
>Category: i386
>Synopsis: mtr does not work if I use ipfw nat
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-i386
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sat May 28 11:30:08 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator: Eugen Konkov
>Release: 9.0-CURRENT
>Organization:
ISP FreeLine
>Environment:
uname -a
FreeBSD bor 9.0-CURRENT FreeBSD 9.0-CURRENT #1: Wed Feb 23 09:39:22 UTC 2011 @:/usr/obj/usr/src/sys/KES_KERN_v9 i386
>Description:
mtr 213.180.204.3
mtr 94.100.191.203
while doing mtr on other session do tcpdump:
listening on vlan407, link-type EN10MB (Ethernet), capture size 65535 bytes
13:15:22.791802 IP 77.93.52.4 > 213.180.204.3: ICMP echo request, id 55338, seq 59520, length 44
0x0000: 0015 17bc 8cb2 001c c0c8 5a4e 0800 4500 ..........ZN..E.
0x0010: 0040 fe72 0000 0101 9831 4d5d 3404 d5b4 . at .r.....1M]4...
0x0020: cc03 0800 3754 d82a e880 0000 0000 0000 ....7T.*........
0x0030: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x0040: 0000 0000 0000 0000 0000 0000 0000 ..............
13:15:22.892287 IP 77.93.52.4 > 213.180.204.3: ICMP echo request, id 55338, seq 59776, length 44
0x0000: 0015 17bc 8cb2 001c c0c8 5a4e 0800 4500 ..........ZN..E.
0x0010: 0040 fe75 0000 0201 972e 4d5d 3404 d5b4 . at .u......M]4...
0x0020: cc03 0800 3654 d82a e980 0000 0000 0000 ....6T.*........
0x0030: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x0040: 0000 0000 0000 0000 0000 0000 0000 ..............
13:15:22.992803 IP 77.93.52.4 > 213.180.204.3: ICMP echo request, id 55338, seq 60032, length 44
0x0000: 0015 17bc 8cb2 001c c0c8 5a4e 0800 4500 ..........ZN..E.
0x0010: 0040 fe7c 0000 0301 9627 4d5d 3404 d5b4 . at .|.....'M]4...
0x0020: cc03 0800 3554 d82a ea80 0000 0000 0000 ....5T.*........
0x0030: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x0040: 0000 0000 0000 0000 0000 0000 0000 ..............
13:15:23.093404 IP 77.93.52.4 > 213.180.204.3: ICMP echo request, id 55338, seq 60288, length 44
0x0000: 0015 17bc 8cb2 001c c0c8 5a4e 0800 4500 ..........ZN..E.
0x0010: 0040 fe7f 0000 0401 9524 4d5d 3404 d5b4 . at .......$M]4...
0x0020: cc03 0800 3454 d82a eb80 0000 0000 0000 ....4T.*........
0x0030: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x0040: 0000 0000 0000 0000 0000 0000 0000 ..............
13:15:23.193854 IP 77.93.52.4 > 213.180.204.3: ICMP echo request, id 55338, seq 60544, length 44
0x0000: 0015 17bc 8cb2 001c c0c8 5a4e 0800 4500 ..........ZN..E.
0x0010: 0040 fe85 0000 0501 941e 4d5d 3404 d5b4 . at ........M]4...
0x0020: cc03 0800 3354 d82a ec80 0000 0000 0000 ....3T.*........
0x0030: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x0040: 0000 0000 0000 0000 0000 0000 0000 ..............
13:15:23.294431 IP 77.93.52.4 > 213.180.204.3: ICMP echo request, id 55338, seq 60800, length 44
0x0000: 0015 17bc 8cb2 001c c0c8 5a4e 0800 4500 ..........ZN..E.
0x0010: 0040 fe89 0000 0601 931a 4d5d 3404 d5b4 . at ........M]4...
0x0020: cc03 0800 3254 d82a ed80 0000 0000 0000 ....2T.*........
0x0030: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x0040: 0000 0000 0000 0000 0000 0000 0000 ..............
13:15:23.394907 IP 77.93.52.4 > 213.180.204.3: ICMP echo request, id 55338, seq 61056, length 44
0x0000: 0015 17bc 8cb2 001c c0c8 5a4e 0800 4500 ..........ZN..E.
0x0010: 0040 fe8e 0000 0701 9215 4d5d 3404 d5b4 . at ........M]4...
0x0020: cc03 0800 3154 d82a ee80 0000 0000 0000 ....1T.*........
0x0030: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x0040: 0000 0000 0000 0000 0000 0000 0000 ..............
13:15:23.538341 IP 77.93.52.4 > 213.180.204.3: ICMP echo request, id 55338, seq 61312, length 44
0x0000: 0015 17bc 8cb2 001c c0c8 5a4e 0800 4500 ..........ZN..E.
0x0010: 0040 fe90 0000 0101 9813 4d5d 3404 d5b4 . at ........M]4...
0x0020: cc03 0800 3054 d82a ef80 0000 0000 0000 ....0T.*........
0x0030: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x0040: 0000 0000 0000 0000 0000 0000 0000 ..............
13:15:23.681751 IP 77.93.52.4 > 213.180.204.3: ICMP echo request, id 55338, seq 61568, length 44
0x0000: 0015 17bc 8cb2 001c c0c8 5a4e 0800 4500 ..........ZN..E.
0x0010: 0040 fe9b 0000 0201 9708 4d5d 3404 d5b4 . at ........M]4...
0x0020: cc03 0800 2f54 d82a f080 0000 0000 0000 ..../T.*........
0x0030: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x0040: 0000 0000 0000 0000 0000 0000 0000 ..............
13:15:23.913457 IP 77.93.52.4 > 213.180.204.3: ICMP echo request, id 55338, seq 61824, length 44
0x0000: 0015 17bc 8cb2 001c c0c8 5a4e 0800 4500 ..........ZN..E.
0x0010: 0040 fea3 0000 0301 9600 4d5d 3404 d5b4 . at ........M]4...
0x0020: cc03 0800 2e54 d82a f180 0000 0000 0000 .....T.*........
0x0030: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x0040: 0000 0000 0000 0000 0000 0000 0000 ..............
13:15:24.057309 IP 77.93.52.4 > 213.180.204.3: ICMP echo request, id 55338, seq 62080, length 44
0x0000: 0015 17bc 8cb2 001c c0c8 5a4e 0800 4500 ..........ZN..E.
0x0010: 0040 fea7 0000 0401 94fc 4d5d 3404 d5b4 . at ........M]4...
0x0020: cc03 0800 2d54 d82a f280 0000 0000 0000 ....-T.*........
0x0030: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x0040: 0000 0000 0000 0000 0000 0000 0000 ..............
13:15:24.200882 IP 77.93.52.4 > 213.180.204.3: ICMP echo request, id 55338, seq 62336, length 44
0x0000: 0015 17bc 8cb2 001c c0c8 5a4e 0800 4500 ..........ZN..E.
0x0010: 0040 feaa 0000 0501 93f9 4d5d 3404 d5b4 . at ........M]4...
0x0020: cc03 0800 2c54 d82a f380 0000 0000 0000 ....,T.*........
0x0030: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x0040: 0000 0000 0000 0000 0000 0000 0000 ..............
13:15:24.344392 IP 77.93.52.4 > 213.180.204.3: ICMP echo request, id 55338, seq 62592, length 44
0x0000: 0015 17bc 8cb2 001c c0c8 5a4e 0800 4500 ..........ZN..E.
0x0010: 0040 feb0 0000 0601 92f3 4d5d 3404 d5b4 . at ........M]4...
0x0020: cc03 0800 2b54 d82a f480 0000 0000 0000 ....+T.*........
0x0030: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x0040: 0000 0000 0000 0000 0000 0000 0000 ..............
13:15:24.487980 IP 77.93.52.4 > 213.180.204.3: ICMP echo request, id 55338, seq 62848, length 44
0x0000: 0015 17bc 8cb2 001c c0c8 5a4e 0800 4500 ..........ZN..E.
0x0010: 0040 feb4 0000 0701 91ef 4d5d 3404 d5b4 . at ........M]4...
0x0020: cc03 0800 2a54 d82a f580 0000 0000 0000 ....*T.*........
0x0030: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x0040: 0000 0000 0000 0000 0000 0000 0000 ..............
13:15:24.631766 IP 77.93.52.4 > 213.180.204.3: ICMP echo request, id 55338, seq 63104, length 44
0x0000: 0015 17bc 8cb2 001c c0c8 5a4e 0800 4500 ..........ZN..E.
0x0010: 0040 feb9 0000 0101 97ea 4d5d 3404 d5b4 . at ........M]4...
0x0020: cc03 0800 2954 d82a f680 0000 0000 0000 ....)T.*........
0x0030: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x0040: 0000 0000 0000 0000 0000 0000 0000 ..............
13:15:24.775333 IP 77.93.52.4 > 213.180.204.3: ICMP echo request, id 55338, seq 63360, length 44
0x0000: 0015 17bc 8cb2 001c c0c8 5a4e 0800 4500 ..........ZN..E.
0x0010: 0040 febb 0000 0201 96e8 4d5d 3404 d5b4 . at ........M]4...
0x0020: cc03 0800 2854 d82a f780 0000 0000 0000 ....(T.*........
0x0030: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x0040: 0000 0000 0000 0000 0000 0000 0000 ..............
13:15:24.918849 IP 77.93.52.4 > 213.180.204.3: ICMP echo request, id 55338, seq 63616, length 44
0x0000: 0015 17bc 8cb2 001c c0c8 5a4e 0800 4500 ..........ZN..E.
0x0010: 0040 febf 0000 0301 95e4 4d5d 3404 d5b4 . at ........M]4...
0x0020: cc03 0800 2754 d82a f880 0000 0000 0000 ....'T.*........
0x0030: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x0040: 0000 0000 0000 0000 0000 0000 0000 ..............
13:15:28.649027 IP 77.93.52.4 > 94.100.191.203: ICMP echo request, id 55594, seq 59520, length 44
0x0000: 0015 17bc 8cb2 001c c0c8 5a4e 0800 4500 ..........ZN..E.
0x0010: 0040 ff44 0000 0101 1ae8 4d5d 3404 5e64 . at .D......M]4.^d
0x0020: bfcb 0800 3654 d92a e880 0000 0000 0000 ....6T.*........
0x0030: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x0040: 0000 0000 0000 0000 0000 0000 0000 ..............
13:15:28.749496 IP 77.93.52.4 > 94.100.191.203: ICMP echo request, id 55594, seq 59776, length 44
0x0000: 0015 17bc 8cb2 001c c0c8 5a4e 0800 4500 ..........ZN..E.
0x0010: 0040 ff4b 0000 0201 19e1 4d5d 3404 5e64 . at .K......M]4.^d
0x0020: bfcb 0800 3554 d92a e980 0000 0000 0000 ....5T.*........
0x0030: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x0040: 0000 0000 0000 0000 0000 0000 0000 ..............
13:15:28.850068 IP 77.93.52.4 > 94.100.191.203: ICMP echo request, id 55594, seq 60032, length 44
0x0000: 0015 17bc 8cb2 001c c0c8 5a4e 0800 4500 ..........ZN..E.
0x0010: 0040 ff4f 0000 0301 18dd 4d5d 3404 5e64 . at .O......M]4.^d
0x0020: bfcb 0800 3454 d92a ea80 0000 0000 0000 ....4T.*........
0x0030: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x0040: 0000 0000 0000 0000 0000 0000 0000 ..............
13:15:28.950591 IP 77.93.52.4 > 94.100.191.203: ICMP echo request, id 55594, seq 60288, length 44
0x0000: 0015 17bc 8cb2 001c c0c8 5a4e 0800 4500 ..........ZN..E.
0x0010: 0040 ff55 0000 0401 17d7 4d5d 3404 5e64 . at .U......M]4.^d
0x0020: bfcb 0800 3354 d92a eb80 0000 0000 0000 ....3T.*........
0x0030: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x0040: 0000 0000 0000 0000 0000 0000 0000 ..............
13:15:29.051139 IP 77.93.52.4 > 94.100.191.203: ICMP echo request, id 55594, seq 60544, length 44
0x0000: 0015 17bc 8cb2 001c c0c8 5a4e 0800 4500 ..........ZN..E.
0x0010: 0040 ff58 0000 0501 16d4 4d5d 3404 5e64 . at .X......M]4.^d
0x0020: bfcb 0800 3254 d92a ec80 0000 0000 0000 ....2T.*........
0x0030: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x0040: 0000 0000 0000 0000 0000 0000 0000 ..............
13:15:29.082387 IP 94.100.191.203 > 77.93.52.4: ICMP echo reply, id 55594, seq 60544, length 44
0x0000: 001c c0c8 5a4e 0015 17bc 8cb2 0800 4500 ....ZN........E.
0x0010: 0040 f9d0 0000 3a01 e75b 5e64 bfcb 4d5d . at ....:..[^d..M]
0x0020: 3404 0000 3a54 d92a ec80 0000 0000 0000 4...:T.*........
0x0030: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x0040: 0000 0000 0000 0000 0000 0000 0000 ..............
13:15:29.151650 IP 77.93.52.4 > 94.100.191.203: ICMP echo request, id 55594, seq 60800, length 44
0x0000: 0015 17bc 8cb2 001c c0c8 5a4e 0800 4500 ..........ZN..E.
0x0010: 0040 ff61 0000 0601 15cb 4d5d 3404 5e64 . at .a......M]4.^d
0x0020: bfcb 0800 3154 d92a ed80 0000 0000 0000 ....1T.*........
0x0030: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x0040: 0000 0000 0000 0000 0000 0000 0000 ..............
13:15:29.182947 IP 94.100.191.203 > 77.93.52.4: ICMP echo reply, id 55594, seq 60800, length 44
0x0000: 001c c0c8 5a4e 0015 17bc 8cb2 0800 4500 ....ZN........E.
0x0010: 0040 f9d1 0000 3a01 e75a 5e64 bfcb 4d5d . at ....:..Z^d..M]
0x0020: 3404 0000 3954 d92a ed80 0000 0000 0000 4...9T.*........
0x0030: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x0040: 0000 0000 0000 0000 0000 0000 0000 ..............
13:15:29.319164 IP 77.93.52.4 > 94.100.191.203: ICMP echo request, id 55594, seq 61056, length 44
0x0000: 0015 17bc 8cb2 001c c0c8 5a4e 0800 4500 ..........ZN..E.
0x0010: 0040 ff64 0000 0101 1ac8 4d5d 3404 5e64 . at .d......M]4.^d
0x0020: bfcb 0800 3054 d92a ee80 0000 0000 0000 ....0T.*........
0x0030: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x0040: 0000 0000 0000 0000 0000 0000 0000 ..............
13:15:29.486285 IP 77.93.52.4 > 94.100.191.203: ICMP echo request, id 55594, seq 61312, length 44
0x0000: 0015 17bc 8cb2 001c c0c8 5a4e 0800 4500 ..........ZN..E.
0x0010: 0040 ff6d 0000 0201 19bf 4d5d 3404 5e64 . at .m......M]4.^d
0x0020: bfcb 0800 2f54 d92a ef80 0000 0000 0000 ..../T.*........
0x0030: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x0040: 0000 0000 0000 0000 0000 0000 0000 ..............
13:15:29.653592 IP 77.93.52.4 > 94.100.191.203: ICMP echo request, id 55594, seq 61568, length 44
0x0000: 0015 17bc 8cb2 001c c0c8 5a4e 0800 4500 ..........ZN..E.
0x0010: 0040 ff7a 0000 0301 18b2 4d5d 3404 5e64 . at .z......M]4.^d
0x0020: bfcb 0800 2e54 d92a f080 0000 0000 0000 .....T.*........
0x0030: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x0040: 0000 0000 0000 0000 0000 0000 0000 ..............
13:15:29.820990 IP 77.93.52.4 > 94.100.191.203: ICMP echo request, id 55594, seq 61824, length 44
0x0000: 0015 17bc 8cb2 001c c0c8 5a4e 0800 4500 ..........ZN..E.
0x0010: 0040 ff86 0000 0401 17a6 4d5d 3404 5e64 . at ........M]4.^d
0x0020: bfcb 0800 2d54 d92a f180 0000 0000 0000 ....-T.*........
0x0030: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x0040: 0000 0000 0000 0000 0000 0000 0000 ..............
13:15:29.988234 IP 77.93.52.4 > 94.100.191.203: ICMP echo request, id 55594, seq 62080, length 44
0x0000: 0015 17bc 8cb2 001c c0c8 5a4e 0800 4500 ..........ZN..E.
0x0010: 0040 ff94 0000 0501 1698 4d5d 3404 5e64 . at ........M]4.^d
0x0020: bfcb 0800 2c54 d92a f280 0000 0000 0000 ....,T.*........
0x0030: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x0040: 0000 0000 0000 0000 0000 0000 0000 ..............
13:15:30.018923 IP 94.100.191.203 > 77.93.52.4: ICMP echo reply, id 55594, seq 62080, length 44
0x0000: 001c c0c8 5a4e 0015 17bc 8cb2 0800 4500 ....ZN........E.
0x0010: 0040 f9d2 0000 3a01 e759 5e64 bfcb 4d5d . at ....:..Y^d..M]
0x0020: 3404 0000 3454 d92a f280 0000 0000 0000 4...4T.*........
0x0030: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x0040: 0000 0000 0000 0000 0000 0000 0000 ..............
13:15:30.020145 IP 77.93.52.4 > 94.100.191.203: ICMP echo request, id 55594, seq 62336, length 44
0x0000: 0015 17bc 8cb2 001c c0c8 5a4e 0800 4500 ..........ZN..E.
0x0010: 0040 ff96 0000 0101 1a96 4d5d 3404 5e64 . at ........M]4.^d
0x0020: bfcb 0800 2b54 d92a f380 0000 0000 0000 ....+T.*........
0x0030: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x0040: 0000 0000 0000 0000 0000 0000 0000 ..............
13:15:30.220915 IP 77.93.52.4 > 94.100.191.203: ICMP echo request, id 55594, seq 62592, length 44
0x0000: 0015 17bc 8cb2 001c c0c8 5a4e 0800 4500 ..........ZN..E.
0x0010: 0040 ff99 0000 0201 1993 4d5d 3404 5e64 . at ........M]4.^d
0x0020: bfcb 0800 2a54 d92a f480 0000 0000 0000 ....*T.*........
0x0030: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x0040: 0000 0000 0000 0000 0000 0000 0000 ..............
13:15:30.421681 IP 77.93.52.4 > 94.100.191.203: ICMP echo request, id 55594, seq 62848, length 44
0x0000: 0015 17bc 8cb2 001c c0c8 5a4e 0800 4500 ..........ZN..E.
0x0010: 0040 ff9c 0000 0301 1890 4d5d 3404 5e64 . at ........M]4.^d
0x0020: bfcb 0800 2954 d92a f580 0000 0000 0000 ....)T.*........
0x0030: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x0040: 0000 0000 0000 0000 0000 0000 0000 ..............
13:15:30.622383 IP 77.93.52.4 > 94.100.191.203: ICMP echo request, id 55594, seq 63104, length 44
0x0000: 0015 17bc 8cb2 001c c0c8 5a4e 0800 4500 ..........ZN..E.
0x0010: 0040 ffa2 0000 0401 178a 4d5d 3404 5e64 . at ........M]4.^d
0x0020: bfcb 0800 2854 d92a f680 0000 0000 0000 ....(T.*........
0x0030: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x0040: 0000 0000 0000 0000 0000 0000 0000 ..............
13:15:30.823029 IP 77.93.52.4 > 94.100.191.203: ICMP echo request, id 55594, seq 63360, length 44
0x0000: 0015 17bc 8cb2 001c c0c8 5a4e 0800 4500 ..........ZN..E.
0x0010: 0040 ffa8 0000 0501 1684 4d5d 3404 5e64 . at ........M]4.^d
0x0020: bfcb 0800 2754 d92a f780 0000 0000 0000 ....'T.*........
0x0030: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x0040: 0000 0000 0000 0000 0000 0000 0000 ..............
13:15:30.855245 IP 94.100.191.203 > 77.93.52.4: ICMP echo reply, id 55594, seq 63360, length 44
0x0000: 001c c0c8 5a4e 0015 17bc 8cb2 0800 4500 ....ZN........E.
0x0010: 0040 f9d3 0000 3a01 e758 5e64 bfcb 4d5d . at ....:..X^d..M]
0x0020: 3404 0000 2f54 d92a f780 0000 0000 0000 4.../T.*........
0x0030: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0x0040: 0000 0000 0000 0000 0000 0000 0000 ..............
I have next firewall rules
27256 837110393 768523132480 nat 101 ip from any to 77.93.52.4 in recv vlan407
27490 839235989 768673636925 allow ip from any to any in recv vlan407
27499 0 0 deny log ip from any to any via vlan407
27499 0 0 skipto 65000 ip from any to any
27756 354470115 133051085278 nat 101 ip from 192.168.0.0/16 to any out xmit vlan407
27890 999734221 872518576234 allow ip from any to any out xmit vlan407
27899 0 0 deny log ip from any to any via vlan407
ipfw nat 101 config ip 77.93.52.4 unreg_only reset
when I delete these rules and add
ipfw add 1 allow all from any to any
mtr works fine without any problem.
when configure NAT to divert packet to natd. mtr also works fine.
>How-To-Repeat:
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-i386
mailing list