Subject: Re: pkg_add
To: None <port-i386@NetBSD.org>
From: Richard Ibbotson <richard@sheflug.co.uk>
List: port-i386
Date: 01/08/2005 21:45:12
This was on the IP filter list today but I really do think that is not
related to anything that I am looking at on my own domestic network.
Don't think I should be sending it in here either.  Just that it
might be helpful ...........


pptp client behind NAT - transfer hangs up
From: Egervary Gergely <egervary@expertlan.hu>
To: ipfilter@coombs.anu.edu.au
Date: Today 20:58:07

(sorry for my bad English)

Scenario: NetBSD NAT box, PPTP server at some ISP w/public IP,
PPTP client on my private network behind the NetBSD NAT.
First of all: this setup works with NetBSD 1.6.2 (IPFilter 3.x)
flawlessly; the problem was triggered by the upgrade to NetBSD 2.0.

$ ipf -V
ipf: IP Filter: v4.1.3 (396)

The problem:
PPTP client can connect to the PPTP server, but the connection hangs
up if there's no data traffic from the PPTP client to the PPTP server
for 2-3 seconds.

If I start a simple ``ping'' on the client, the connection stays up
and running, and everything is okay. If I stop pinging the server,
the connection hangs; I can't even ping the client from the server.
If I start any data transfer from the client again, the connection is
back and working again.

Of course, if there's no traffic from the client for several minutes,
the link not only hangs, but server disconnects, as LCP echo requests
cannot reach the client.

This is 100% reproducible on my box.

My ipf rules:

pass in quick proto gre
pass in quick all
pass out quick proto gre
pass out quick all

My ipnat rules:

map ex0 10.0.0.0/8 -> my.external.ip.addr/32 proxy port ftp ftp/tcp
map ex0 10.0.0.0/8 -> my.external.ip.addr/32 portmap tcp/udp 20000:40000
map ex0 10.0.0.0/8 -> my.external.ip.addr/32

``ipnat -l'' shows the following entry when connected:

MAP pptp-client-ip 2145 <- -> natbox-ip 29981 [pptp-server-ip 1723]

The following entry (for protocol gre) is _only_ visible when the
client does data traffic:

MAP pptp-client-ip <- -> natbox-ip [pptp-server-ip]

Probably it's something similar to:

http://marc.theaimsgroup.com/?l=ipfilter&m=107881852125357&w=2


-- 
Richard
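As an added illustration of the ``ipnat -l'' observation in the forwarded message (this is example code written for this page, not code from the poster, from Richard, or from IPFilter): a small Python checker that parses the two MAP session shapes shown above and reports, for every PPTP control connection (TCP 1723) it finds, whether a port-less mapping to the same server (the form ipnat shows for GRE) is also present. The line format is inferred only from the two quoted lines, and the addresses in the two embedded samples are constructed RFC 5737 documentation addresses; both the format assumption and the samples are labelled as such in the code.

```python
import re
from typing import Dict, List, Optional

# Constructed sample of ``ipnat -l'' session output, modelled on the two MAP
# lines quoted in the message. 10.0.0.5 is the PPTP client, 192.0.2.1 the NAT
# box, 198.51.100.7 the PPTP server (documentation addresses, not real hosts).
# First sample: control connection (TCP 1723) plus the port-less GRE mapping.
SAMPLE_WITH_GRE = """\
List of active sessions:
MAP 10.0.0.5 2145 <- -> 192.0.2.1 29981 [198.51.100.7 1723]
MAP 10.0.0.5 <- -> 192.0.2.1 [198.51.100.7]
"""

# Second sample: the hang condition described in the message, where the GRE
# entry is gone and only the TCP control connection remains mapped.
SAMPLE_WITHOUT_GRE = """\
List of active sessions:
MAP 10.0.0.5 2145 <- -> 192.0.2.1 29981 [198.51.100.7 1723]
"""

PPTP_CONTROL_PORT = 1723

# Assumed line shapes, inferred from the two quoted lines (not from ipnat's
# source). A MAP line with ports, as shown for the TCP control session:
_MAP_PORTS = re.compile(
    r"^MAP\s+(?P<client>\S+)\s+(?P<cport>\d+)\s+<-\s+->\s+"
    r"(?P<natip>\S+)\s+(?P<nport>\d+)\s+\[(?P<server>\S+)\s+(?P<sport>\d+)\]\s*$"
)
# A MAP line with no ports at all, as shown for the GRE mapping:
_MAP_NOPORTS = re.compile(
    r"^MAP\s+(?P<client>\S+)\s+<-\s+->\s+(?P<natip>\S+)\s+\[(?P<server>\S+)\]\s*$"
)


def parse_sessions(text: str) -> List[Dict[str, Optional[str]]]:
    """Return one dict per MAP session line; other lines are ignored."""
    sessions: List[Dict[str, Optional[str]]] = []
    for line in text.splitlines():
        # The quoted output contained non-breaking spaces; normalise them.
        line = line.replace("\xa0", " ").strip()
        m = _MAP_PORTS.match(line)
        if m:
            entry: Dict[str, Optional[str]] = dict(m.groupdict())
            entry["kind"] = "ports"
            sessions.append(entry)
            continue
        m = _MAP_NOPORTS.match(line)
        if m:
            entry = dict(m.groupdict())
            entry.update(cport=None, nport=None, sport=None, kind="noports")
            sessions.append(entry)
    return sessions


def pptp_tunnel_status(sessions: List[Dict[str, Optional[str]]]) -> Dict[str, bool]:
    """For each (client, server) pair with a PPTP control session, report
    whether a port-less mapping to the same server exists as well.
    False is the state the poster describes: control channel mapped,
    GRE data path not."""
    control = {(s["client"], s["server"]) for s in sessions
               if s["kind"] == "ports" and s["sport"] == str(PPTP_CONTROL_PORT)}
    noports = {(s["client"], s["server"]) for s in sessions
               if s["kind"] == "noports"}
    return {f"{c} -> {srv}": (c, srv) in noports for (c, srv) in control}


def report(text: str) -> Dict[str, bool]:
    """Parse raw ``ipnat -l'' text and return the per-tunnel GRE status."""
    return pptp_tunnel_status(parse_sessions(text))


if __name__ == "__main__":
    for name, sample in (("with GRE", SAMPLE_WITH_GRE),
                         ("without GRE", SAMPLE_WITHOUT_GRE)):
        for tunnel, present in report(sample).items():
            state = "GRE mapping present" if present else "GRE mapping MISSING"
            print(f"{name}: {tunnel}: {state}")
```

Run against the real output of ``ipnat -l'' on the NAT box (for example, in a loop while the client is idle), a False result appearing a few seconds after traffic stops would line up with the hang the poster describes, which makes it a quick way to confirm that the symptom is the GRE NAT entry expiring rather than something on the PPTP hosts themselves.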