netbsd-help: Re: ipnat oddity

Subject: Re: ipnat oddity
To: Patrick Welche <prlw1@newn.cam.ac.uk>
From: Quentin Garnier <cube@cubidou.net>
List: netbsd-help
Date: 03/04/2005 11:40:25
--/0P/MvzTfyTu5j9Q
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Fri, Mar 04, 2005 at 10:07:35AM +0000, Patrick Welche wrote:
> On Fri, Mar 04, 2005 at 10:49:42AM +0100, Quentin Garnier wrote:
> > > It's that last part "redirect 192.168.205.130 to host 192.168.205.130=
" ?!
> >=20
> > What does ifconfig vlan3 say on gw?  Seems that gw thinks 192.168.204 a=
nd
> > 192.168.205 are on the same LAN segment.
>=20
> They are on the same segment.. vlan3 is on 192.168.192/20 which includes
> 204 and 205. Does this matter though? It seems the redirect is fired, just
> sideways..

Your network geometry is somewhat special.

204.6 is trying to reach 205.130 through 204.62, all of them being on the
same LAN segment.

So I guess you specifically added a route on 204.6 to make it use 204.62
instead of directly reaching 205.130.  Am I right?

If so, the real question is whether IPF should pick up the packet before
the stack sends a redirect for it or not.

Reading source makes me think it should pick up the packet, so for some
reason IPF doesn't work.  ipnat -l does list the rules?  is ipf active?

> (In the meantime things are working with a nasty DNS hack instead..)

Well, the route addition is nastier IMHO.

--=20
Quentin Garnier - cube@cubidou.net - cube@NetBSD.org
"When I find the controls, I'll go where I like, I'll know where I want
to be, but maybe for now I'll stay right here on a silent sea."
KT Tunstall, Silent Sea, Eye to the Telescope, 2004.

--/0P/MvzTfyTu5j9Q
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (NetBSD)

iQEVAwUBQig7GdgoQloHrPnoAQKpUgf+KSjtwoLqQR2yz55+ifkshBQY6mhSrggG
XSHBzW+D+CU1A/Kx5//ilYgqL4OcNFzQ6GVeZU8mva4p3ORxnBvs6hQg64wolM5G
wpq261PBRQ6DRXPfpQfjXRUyXjMDURyXamBmWBCDhnhaVMZEB+2WcKKnRjAIudjY
tj/zwhtDVrFBqQhN2cduIniGeFYILVIGBE2n1aftcfNtpkjWZxXNIGarf6MEqVw6
BP6eE1q7OxBUGGrzqr5XjlMBvGXoDBEGLeyod9A36x68t2HMdfoYQD8ok6IwRAXP
sg7bSmvfnF6oeKRp7rEdsrswIU9zsP10KOX22Z9+PQnF9i/RtRt9vQ==
=CPsJ
-----END PGP SIGNATURE-----

--/0P/MvzTfyTu5j9Q--