Re: bin/39520: IPNAT fails to consistently handle FTP sessions

[Peter Eisch <peter%boku.net@localhost>]

The following reply was made to PR bin/39520; it has been noted by GNATS.

From: Peter Eisch <peter%boku.net@localhost>
To: <gnats-bugs%NetBSD.org@localhost>,
        <gnats-admin%netbsd.org@localhost>,
        <netbsd-bugs%netbsd.org@localhost>
Cc: 
Subject: Re: bin/39520: IPNAT fails to consistently handle FTP sessions
Date: Mon, 29 Sep 2008 13:48:46 -0500

 It breaks on a wm interface as well.
 
 /etc/ipnat.conf:
 ...
 map wm2 10.1.100.0/24 -> 0/32 proxy port ftp ftp/tcp
 map wm2 10.1.100.0/24 -> 0/32 portmap tcp/udp 40000:60000
 map wm2 10.1.100.0/24 -> 0/32
 ...
 bimap wm2    10.1.100.80/32 -> 208.79.193.34/32
 ...
 
 Tcpdump on the device just adjacent the client:
 12:39:58.763181 IP (tos 0x0, ttl 128, id 7163, offset 0, flags [DF], length:
 64) 10.1.100.129.1305 > 206.9.34.88.21: P [tcp sum ok] 35:59(24) ack 78 win
 65458
         0x0000:  4500 0040 1bfb 4000 8006 7fd9 0a01 6481  E..@..@.......d.
         0x0010:  ce09 2258 0519 0015 ccd1 38be aefa 4d54  .."X......8...MT
         0x0020:  5018 ffb2 e5ba 0000 504f 5254 2031 302c  P.......PORT.10,
         0x0030:  312c 3130 302c 3132 392c 352c 3238 0d0a  1,100,129,5,28..
 
 
 Tcpdump on the ftp server:
 12:33:48.346118 IP (tos 0x0, ttl 120, id 7163, offset 0, flags [DF], proto:
 TCP (6), length: 64) 208.79.193.34.pe-mike > 206.9.34.88.ftp: P, cksum
 0xc2ca (correct), 35:59(24) ack 78 win 65458
     0x0000:  4500 0040 1bfb 4000 7806 64e9 d04f c122  E..@..@.x.d..O."
     0x0010:  ce09 2258 0519 0015 ccd1 38be aefa 4d54  .."X......8...MT
     0x0020:  5018 ffb2 c2ca 0000 504f 5254 2031 302c  P.......PORT.10,
     0x0030:  312c 3130 302c 3132 392c 352c 3238 0d0a  1,100,129,5,28..
 
 
 Of course, int the second trace (on the server) the ftp client IP address
 should be 208.79.193.34 and not 10.1.100.129.