Subject: Re: nat on alpha
To: Ross Harvey <ross@teraflop.com>
From: nm <fb@vt.edu>
List: port-alpha
Date: 03/05/1998 15:49:59
At 11:07 AM 3/5/98 -0800, you wrote:
>I don't usually run it but I'd be happy to fix it if it's broken.
>
>What's wrong with it?

it's great to see that someone is interested in it!  i have de0 and
de1 on my alpha and de0 is 198.82.67.121 and de1 192.168.1.1

tcp and udp do not seem to work but icmp (pings) work fine.
tcp and udp packets do get thru the gateway machine and appear
to be destined for the right internal host but something about
them must be malformed because the internal host ignores them :(

now as far as details go, i have an older post i posted to the openbsd
list (openbsd/2.2 seems to have the same problem).  i'll attach that
little info sheet at the end of this message.

i'm going out of town for spring break but will be back
on the 16th (monday) and i can work on getting you some more up to
date stats and a better bug report

thank you for your time
nick maniscalco
nmanisca@vt.edu

here is some info on the problem:
a little diagram of the network(s):

   Internet   <I>----------<A>--------<B>

ok, now...

   ----   means ethernet segment...
   <I>    this is the main gateway to the internet
          its ip is 198.82.67.1

   <A>    this is my openbsd box, it has two ethernet
          cards, de0 and de1
          de0 is 198.82.67.121 (class c)
          de1 is 192.168.1.1   (class c)

   <B>    this is my winnt box, it has one ethernet card
          with 192.168.1.2 as the ip



from B i can ping A and anything on the internet...

now, if i run tcpdump -i de1 on A (the openbsd machine)
and try to do a name server look up from B, here is what
is shown:

21:09:45.867187 glacier.1165 > dcssvx.cc.vt.edu.domain: 1+ (29)
21:09:45.873046 dcssvx.cc.vt.edu.domain > glacier.1165: 1* 1/5/5 (245)

ok, now glacier is box B and dcssvx.cc.vt.edu is the name server
out on the net somewhere...

from this it's obvious that the information for the request for the
lookup got to the name server and was processed and sent back...

you can also see that the result of that query did make it onto the
same network that B is on...

however B appears as if the request never made it and times out :(


--- how ipf is executed ---
ipf -Fa -f /etc/ipf.rules -E

--- how ipnat is executed ---
ipnat -CF -f /etc/nat.rules

--- ipnat -l right after boot up ---
# ipnat -l
List of active MAP/Redirect filters:
map de0 192.168.1.0/24  -> 198.82.67.121/32  portmap tcp/udp 10000:20000
map de0 192.168.1.0/24  -> 198.82.67.121/32

List of active sessions:


--- ipf.rules ---
# cat ipf.rules
pass in from any to any
pass out from any to any

--- nat.rules ---
# cat nat.rules
map de0 192.168.1.0/24 -> 198.82.67.121/32 portmap tcp/udp 10000:20000
map de0 192.168.1.0/24 -> 198.82.67.121/32

--- ifconfig and route info ---
# ifconfig -A
lo0: flags=8009<UP,LOOPBACK,MULTICAST>
        inet 127.0.0.1 netmask 0xff000000
de0: flags=8863<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST>
        inet 198.82.67.121 netmask 0xffffff00 broadcast 198.82.67.255
de1: flags=8863<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST>
        inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
sl0: flags=c010<POINTOPOINT,LINK2,MULTICAST>
sl1: flags=c010<POINTOPOINT,LINK2,MULTICAST>
sl2: flags=c010<POINTOPOINT,LINK2,MULTICAST>
sl3: flags=c010<POINTOPOINT,LINK2,MULTICAST>

# route -n show
Routing tables

Internet:
Destination      Gateway            Flags
default          198.82.67.1        UG
127.0.0.0        127.0.0.1          UG
127.0.0.1        127.0.0.1          UH
192.168.1.0      link#2             U
192.168.1.2      0:0:c0:3e:ea:d     UH
198.82.67.0      link#1             U
198.82.67.1      0:0:c:7f:91:20     UH
198.82.67.121    127.0.0.1          UGH
224.0.0.0        link#1             U
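
Added example, not part of the original message: the report does not identify the cause, but one way to test the "malformed" guess is to verify the UDP checksum of the translated reply, since UDP/TCP checksums cover a pseudo-header containing the IP addresses while the ICMP checksum does not. The name server address 192.0.2.53, the mapped port 10000 and the payloads are constructed; the other addresses and port 1165 come from the message.

```python
import socket
import struct

SERVER, PUBLIC, INTERNAL = "192.0.2.53", "198.82.67.121", "192.168.1.2"  # SERVER is constructed

def ones_sum(data: bytes) -> int:
    """16-bit one's-complement sum used by the IP, UDP, TCP and ICMP checksums."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def pseudo_header(src: str, dst: str, length: int) -> bytes:
    # Source address, destination address, zero byte, protocol 17 (UDP), UDP length.
    return socket.inet_aton(src) + socket.inet_aton(dst) + struct.pack("!BBH", 0, 17, length)

def build_udp(src: str, dst: str, sport: int, dport: int, payload: bytes) -> bytes:
    length = 8 + len(payload)
    head = struct.pack("!HHHH", sport, dport, length, 0)
    csum = ~ones_sum(pseudo_header(src, dst, length) + head + payload) & 0xFFFF
    return struct.pack("!HHHH", sport, dport, length, csum or 0xFFFF) + payload

def udp_valid(src: str, dst: str, udp: bytes) -> bool:
    if udp[6:8] == b"\x00\x00":          # sender did not compute a checksum (allowed for IPv4 UDP)
        return True
    return ones_sum(pseudo_header(src, dst, len(udp)) + udp) == 0xFFFF

def rewrite_dst(udp: bytes, src: str, new_dst: str, new_dport: int, fix_checksum: bool) -> bytes:
    """Model the inbound NAT step: change destination port, optionally redo the checksum."""
    if fix_checksum:
        return build_udp(src, new_dst, struct.unpack("!H", udp[:2])[0], new_dport, udp[8:])
    return udp[:2] + struct.pack("!H", new_dport) + udp[4:]   # stale checksum left in place

def build_icmp_echo_reply(ident: int, seq: int, payload: bytes) -> bytes:
    body = struct.pack("!BBHHH", 0, 0, 0, ident, seq) + payload
    return body[:2] + struct.pack("!H", ~ones_sum(body) & 0xFFFF) + body[4:]

def icmp_valid(icmp: bytes) -> bool:
    return ones_sum(icmp) == 0xFFFF      # no addresses involved, so NAT cannot invalidate it

if __name__ == "__main__":
    reply = build_udp(SERVER, PUBLIC, 53, 10000, b"constructed DNS answer")
    for fixed in (True, False):
        pkt = rewrite_dst(reply, SERVER, INTERNAL, 1165, fixed)
        print("checksum updated:", fixed, "-> host B accepts:", udp_valid(SERVER, INTERNAL, pkt))
    print("icmp echo reply valid after any address rewrite:",
          icmp_valid(build_icmp_echo_reply(1, 1, b"ping")))
```

On a real capture, `tcpdump -v` on de1 reports bad UDP/TCP checksums directly, which is the quicker way to run the same check.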