Subject: ipnat rdr problems...
To: None <>
From: None <>
List: tech-net
Date: 03/29/2004 21:28:06

	I'm working on debugging a product build on top of NetBSD
	1.6.2.  The particular problem is that the following nat

rdr bge0 port domain -> port domainproxy tcp 
rdr bge1 port domain -> port domainproxy tcp 

	cause a problem when packets are received on the bge1
	(i.e. second) interface.  The first interface works fine (it
	connects the TCP stream to a program doing proxying from
	inetd.conf) but when the TCP SYN is received on bge1 the
	machine's replying SYN has an ip source of which is

	The routing table looks like this:

Destination        Gateway            Flags     Refs     Use    Mtu  Interface
default                               UGS         0     3038      -  bge0
                                      UGHD        1      139      -  bge0
127                                   UGRS        0        0  33220  lo0
                                      UH          1      226  33220  lo0
128.177.197/28     link#1             UC          4        0      -  bge0
                   link#2             UC          2        0      -  bge1

	And the ipnat -l output looks like this:

# /usr/sbin/ipnat -l
List of active MAP/Redirect filters:
rdr bge0 port 53 -> port 553 tcp
rdr bge1 port 53 -> port 553 tcp

List of active sessions:
RDR       553   <- ->   53    []

	I have not started tracing through the network code yet but I
	figure there is an issue with tracking the interface that a
	packet came in on.  BTW IPSec is not enabled, if that matters.

Thanks for any info,