bug in ipnat?

To: tech-net%netbsd.org@localhost
Subject: bug in ipnat?
From: Egervary Gergely <gergely%egervary.hu@localhost>
Date: Tue, 05 Jun 2012 11:28:33 +0200

(Sorry for my bad English)

I'm using NetBSD 5.1.2 on i386, IP Filter v4.1.29

This one works as expected:

map vlan12 10.0.0.0/8 -> aa.bb.cc.dd/32 proxy port 21 ftp/tcp
map vlan12 10.0.0.0/8 -> aa.bb.cc.dd/32 portmap tcp/udp 25000:35000
map vlan12 10.0.0.0/8 -> aa.bb.cc.dd/32

Documentation says this should be equivalent:

map vlan12 from 10.0.0.0/8 to any -> aa.bb.cc.dd/32 proxy port 21 ftp/tcp
map vlan12 from 10.0.0.0/8 to any -> aa.bb.cc.dd/32 portmap tcp/udp 25000:35000
map vlan12 from 10.0.0.0/8 to any -> aa.bb.cc.dd/32

However, with this NAT works, but I get an extra 3 seconds delay on all new
TCP connections. tcpdump shows the first ACK packet is dropped. After 
retransmit,
everything is okay.

Any ideas?
Thank you in advance.
--
Gergely EGERVARY

Prev by Date: m_copym() panics possibly due to pfil hook?
Next by Date: stray & in SIOGLIFCONF ioctl handling
Previous by Thread: m_copym() panics possibly due to pfil hook?
Next by Thread: stray & in SIOGLIFCONF ioctl handling
Indexes:

Home | Main Index | Thread Index | Old Index