[ng_nat]bug w/ traceroute?
Lytochkin Boris
lytboris at gmail.com
Thu Sep 28 03:54:27 PDT 2006
Hello!
I have a router configured for NAT using ng_nat & ipfw.
>ipfw:
>01050 allow ip from me to any
>01100 netgraph 60 ip from 192.168.90.0/24 to not 192.168.0.0/16 out via rl0
>01101 netgraph 61 ip from any to 193.232.121.245 in via rl0
>01200 allow ip from any to any
>/etc/ngctl.conf:
>mkpeer ipfw: nat 60 out
>name ipfw:60 nat_cars
>connect ipfw: nat_cars: 61 in
>msg nat_cars: setaliasaddr 193.232.121.245
There is a very strange situation on the NAT'ing server:
>traceroute -P icmp -z 500 -w 2 -q 1 194.87.0.50
traceroute to 194.87.0.50 (194.87.0.50), 64 hops max, 60 byte packets
1 *
2 *
3 *
4 *
5 *
6 *
7 www.ru (194.87.0.50) 14.582 ms
The problem can be eliminated by deleting rule 1101:
>traceroute -P icmp -z 500 -w 2 -q 1 194.87.0.50
traceroute to 194.87.0.50 (194.87.0.50), 64 hops max, 60 byte packets
1 knogw.phys.msu.ru (193.232.121.129) 2.809 ms
2 phsw3550.phys.msu.ru (193.232.122.1) 3.959 ms
3 MSU-PHYS.ATM2-0.122.HQ-R1.msu.net (193.232.127.77) 577.372 ms
4 CAMPUS-M9.ATM9-0-0.10.CAMPUS.msu.net (193.232.127.82) 9.012 ms
5 M9-IX-1G.Demos.net (193.232.244.35) 11.258 ms
6 iki-1-vl10.Demos.net (194.87.0.83) 7.151 ms
7 www.ru (194.87.0.50) 7.976 ms
NAT using pf or ipfw_natd seems to work properly in this situation.
The problem is reproduced on both my servers and this behaviour can be
seen _only_ on the server: clients that are NATed using this config
can traceroute correctly.
>uname -a
FreeBSD torrent 6.2-PRERELEASE FreeBSD 6.2-PRERELEASE #13: Sat Sep 16 16:16:16 MSD 2006 root at torrent:/usr/obj/usr/src/sys/TORRENT i386
--
Best regards,
Lytochkin mailto:lytboris at gmail.com
More information about the freebsd-net mailing list