Discussion:
5.1-RC1: NAT redirect fails
Jeff Wyman
2010-05-06 21:36:58 UTC
I have a system doing some simple routing, including one NAT redirect
for port forwarding. Last weekend I updated this system to 5.1-RC1 using
the stable branch. Since then, it seems that the NAT redirect no longer
works. I don't know if there's another reason why it's stopped working,
but the update is the only thing that's changed on this system since I
last successfully connected to the forwarded port via the redirect rule.

First, the port being forwarded to on the internal network has been
verified to be open and responding to connections, so this is not the
issue.

What I found when trying to connect to forwarded port 5903 (IP addresses
edited for privacy):

From 'ipmon -a |grep 5903':


05/05/2010 22:54:39.942819 @3 NAT:RDR 192.168.1.10,5900 <- -> 24.16.xxx.xxx,5903 [76.121.xxx.xxx,53709 PR tcp]
05/05/2010 22:54:39.942854 @3 NAT:DESTROY 192.168.1.10,5900 <- -> 24.16.xxx.xxx,5903 [76.121.xxx.xxx,53709 PR tcp]


Then, I tried opening the connection again and running 'ipnat -l'. It
briefly displays the redirected connection, then reissuing the command
immediately produced interesting output:


(11:wysoft)-~>> ipnat -l
List of active MAP/Redirect filters:
map fxp0 192.168.1.0/24 -> 0.0.0.0/32 portmap tcp 10000:20000
map fxp0 192.168.1.0/24 -> 0.0.0.0/32
rdr fxp0 24.16.xxx.xxx/32 port 5903 -> 192.168.1.10 port 5900 tcp

List of active sessions:
MAP 192.168.1.10    5900  <- -> 24.16.xxx.xxx    18997 [76.121.xxx.xxx 53716]
(12:wysoft)-~>> ipnat -l
List of active MAP/Redirect filters:
unknown value for in_redir: 0
  0.0.0.0/0 -> 0.0.0.0/0

List of active sessions:
unknown(0000) 0.0.0.0         <- -> 0.0.0.0         [0.0.0.0]
(13:wysoft)-~>>


Not sure what else to do at this point other than move back to release
sources possibly. But if there's a bug to be found, I figure I should
mention this.

Thanks,
Jeff
--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de
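
An added example, not part of the original post: a small Python filter that pairs NAT:RDR and NAT:DESTROY lines in ipmon output of the form shown above and reports redirect sessions that are torn down almost immediately, which is the symptom in the log excerpt. The regular expression, the one-second threshold and the day/month date order are assumptions; the sample lines are the two from the post, re-joined onto single lines.

```python
import re
import sys
from datetime import datetime, timedelta

# Sample input: the two ipmon lines quoted in the post, re-joined (addresses already redacted).
SAMPLE = """\
05/05/2010 22:54:39.942819 @3 NAT:RDR 192.168.1.10,5900 <- -> 24.16.xxx.xxx,5903 [76.121.xxx.xxx,53709 PR tcp]
05/05/2010 22:54:39.942854 @3 NAT:DESTROY 192.168.1.10,5900 <- -> 24.16.xxx.xxx,5903 [76.121.xxx.xxx,53709 PR tcp]
"""

# Assumed layout, derived only from the lines above:
# date time @rule NAT:EVENT inside,port <- -> outside,port [peer,port PR proto]
LINE = re.compile(
    r"(?P<ts>\d\d/\d\d/\d{4} \d\d:\d\d:\d\d\.\d+) @(?P<rule>\d+) "
    r"NAT:(?P<event>\w+) (?P<inside>\S+) <- -> (?P<outside>\S+) "
    r"\[(?P<peer>\S+) PR (?P<proto>\w+)\]"
)


def short_lived_redirects(lines, threshold=timedelta(seconds=1)):
    """Return (session_key, lifetime) for each RDR entry destroyed within threshold."""
    created = {}   # session key -> time the RDR entry was logged
    flagged = []
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue  # not a NAT log line in the assumed layout
        key = (m["inside"], m["outside"], m["peer"], m["proto"])
        # Assumption: day/month/year order; the sample date reads the same either way.
        ts = datetime.strptime(m["ts"], "%d/%m/%Y %H:%M:%S.%f")
        if m["event"] == "RDR":
            created[key] = ts
        elif m["event"] == "DESTROY" and key in created:
            lifetime = ts - created.pop(key)
            if lifetime < threshold:
                flagged.append((key, lifetime))
    return flagged


if __name__ == "__main__":
    # Pipe `ipmon -a` output in, or run with no pipe to use the embedded sample.
    source = SAMPLE.splitlines() if sys.stdin.isatty() else sys.stdin
    for (inside, outside, peer, proto), lifetime in short_lived_redirects(source):
        print(f"{peer} -> {outside} => {inside} ({proto}): "
              f"destroyed after {lifetime.total_seconds():.6f}s")
```

On the two lines from the post this reports a single session that lived 35 microseconds.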
Matthew Mondor
2010-05-30 17:48:50 UTC
On Thu, 6 May 2010 21:36:58 +0000
Post by Jeff Wyman
> I have a system doing some simple routing, including one NAT redirect
> for port forwarding. Last weekend I updated this system to 5.1-RC1 using
> the stable branch. Since then, it seems that the NAT redirect no longer
> works. I don't know if there's another reason why it's stopped working,
> but the update is the only thing that's changed on this system since I
> last successfully connected to the forwarded port via the redirect rule.

Do you still experience this with the current netbsd-5 branch? If so,
was a PR filed for it? I would like to track its PR #.

Thanks,
--
Matt

Martin Husemann
2010-05-30 19:48:17 UTC
Post by Matthew Mondor
> Do you still experience this with the current netbsd-5 branch? If so,
> was a PR filed for it? I would like to track its PR #.

I can reproduce it with -current and latest netbsd-5 on one machine, but I
also tried to reproduce it on a test machine and couldn't make it fail there
- so there is something specific to the problem I haven't recognized yet.

No PR yet, as far as I know.

Martin
