Subject: Re: ipnat oddity
To: Quentin Garnier <cube@cubidou.net>
From: Patrick Welche <prlw1@newn.cam.ac.uk>
List: netbsd-help
Date: 03/04/2005 09:38:12

On Fri, Mar 04, 2005 at 10:21:56AM +0100, Quentin Garnier wrote:
> On Fri, Mar 04, 2005 at 08:56:09AM +0000, Patrick Welche wrote:
> > This is with -current 4.1.6 ipfilter.. It looks as though I have something
> > back to front..
> > 
> > tcpdump:
> > 
> > IP cowsadmin.204.168.192.in-addr.arpa.1164 > 192.168.205.130.http: S 4208745430:4208745430(0) win 65535 <mss 1460,nop,nop,sackOK>
> > IP gw.168.192.in-addr.arpa > cowsadmin.admin.newn.cam.ac.uk.204.168.192.in-addr.arpa: icmp 36: redirect 192.168.205.130 to host 192.168.205.130
> [...]
> > Am I missing something?
> 
> Can't comment much about the rest, but at least you're missing ending
> dots in your reverse DNS entries :)
> 
> On the issue, though, you should provide a -n trace.  It's hard to tell
> what is gw, and how different are cowsadmin and
> cowsadmin.admin.newn.cam.ac.uk, as they don't seem to have the same IP
> address?

Sorry, I just reduced the line length of one, but as I've been up for over
24 hours, I didn't do the same edit later..

It's that last part "redirect 192.168.205.130 to host 192.168.205.130" ?!


Here is tcpdump -nti vlan3:

IP 192.168.204.6.1188 > 192.168.205.130.80: S 615063286:615063286(0) win 65535 <mss 1460,nop,nop,sackOK>
IP 192.168.204.62 > 192.168.204.6: icmp 36: redirect 192.168.205.130 to host 192.168.205.130
IP 192.168.204.6.123 > 192.168.205.143.123: NTPv4 client, strat 6, poll 6, prec -18
IP 192.168.204.62 > 192.168.204.6: icmp 36: redirect 192.168.205.143 to host 192.168.205.143
IP 192.168.204.6.1188 > 192.168.205.130.80: S 615063286:615063286(0) win 65535 <mss 1460,nop,nop,sackOK>
IP 192.168.204.62 > 192.168.204.6: icmp 36: redirect 192.168.205.130 to host 192.168.205.130
IP 192.168.204.6.123 > 192.168.205.130.123: NTPv4 client, strat 6, poll 6, prec -18
IP 192.168.204.62 > 192.168.204.6: icmp 36: redirect 192.168.205.130 to host 192.168.205.130
IP 192.168.204.6.1188 > 192.168.205.130.80: S 615063286:615063286(0) win 65535 <mss 1460,nop,nop,sackOK>
IP 192.168.204.62 > 192.168.204.6: icmp 36: host 192.168.205.130 unreachable

ipnat.conf:
rdr vlan3 192.168.205.130/32 port 80 -> 192.168.0.130 port 80 tcp
rdr vlan3 192.168.205.130/32 port 443 -> 192.168.0.130 port 443 tcp
rdr vlan3 192.168.205.130/32 port 25 -> 192.168.0.130 port 25 tcp
rdr vlan3 192.168.205.143/32 port 143 -> 192.168.0.143 port 143 tcp
rdr vlan3 192.168.205.143/32 port 80 -> 192.168.0.143 port 80 tcp
rdr vlan3 192.168.205.143/32 port 443 -> 192.168.0.143 port 443 tcp
rdr vlan3 192.168.205.143/32 port 123 -> 192.168.0.143 port 123 tcp/udp
rdr vlan3 192.168.205.130/32 port 123 -> 192.168.0.130 port 123 tcp/udp

Cheers,

Patrick
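
Added example, not part of the original message: a small Python check over the trace and rules quoted above. It flags ICMP redirects whose advertised gateway equals the original destination and reports which rdr rule that destination and port would have matched. It assumes tcpdump's "redirect <destination> to host <gateway>" field order and matches rules on address and port only (protocol is ignored); the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample input: lines copied from the trace and ipnat.conf in the message.
TRACE = """\
IP 192.168.204.6.1188 > 192.168.205.130.80: S 615063286:615063286(0) win 65535 <mss 1460,nop,nop,sackOK>
IP 192.168.204.62 > 192.168.204.6: icmp 36: redirect 192.168.205.130 to host 192.168.205.130
IP 192.168.204.6.123 > 192.168.205.143.123: NTPv4 client, strat 6, poll 6, prec -18
IP 192.168.204.62 > 192.168.204.6: icmp 36: redirect 192.168.205.143 to host 192.168.205.143
"""
RULES = """\
rdr vlan3 192.168.205.130/32 port 80 -> 192.168.0.130 port 80 tcp
rdr vlan3 192.168.205.143/32 port 123 -> 192.168.0.143 port 123 tcp/udp
"""

# src.sport > dst.dport (tcpdump -n prints the port as a fifth dotted field)
PKT = re.compile(r"^IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): ")
REDIR = re.compile(r"^IP (\S+) > (\S+): icmp \d+: redirect (\S+) to host (\S+)$")
RDR = re.compile(r"^rdr (\S+) (\S+) port (\d+) -> (\S+) port (\d+) (\S+)$")

def parse_rules(text):
    """Return (network, port, new_ip, new_port) for each rdr line."""
    rules = []
    for line in text.splitlines():
        m = RDR.match(line.strip())
        if m:
            rules.append((ipaddress.ip_network(m[2]), int(m[3]), m[4], int(m[5])))
    return rules

def rdr_target(rules, dst, dport):
    """First rdr rule whose address and port match (protocol ignored: assumption)."""
    for net, port, new_ip, new_port in rules:
        if ipaddress.ip_address(dst) in net and dport == port:
            return (new_ip, new_port)
    return None

def analyse(trace, rules):
    """Pair each redirect with the last packet sent to that destination."""
    findings, last_port = [], {}
    for line in trace.splitlines():
        line = line.strip()
        if (m := PKT.match(line)):
            last_port[m[3]] = int(m[4])
        elif (m := REDIR.match(line)) and m[3] in last_port:
            dst, gw = m[3], m[4]
            findings.append({"router": m[1], "dst": dst, "dport": last_port[dst],
                             "self_redirect": gw == dst,
                             "rdr": rdr_target(rules, dst, last_port[dst])})
    return findings
```

Every finding with `self_redirect` set and a non-empty `rdr` is a packet that matched a redirect rule on paper yet was answered with a redirect pointing at its own destination.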