>Number:         3435
>Category:       kern
>Synopsis:       NAT doesn't work
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people (Kernel Bug People)
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Apr  1 14:05:01 1997
>Last-Modified:
>Originator:     Lennart Augustsson
>Organization:
Department of Computing Science, Chalmers University
>Release:        NetBSD-current 970401
>Environment:
System: NetBSD calvin 1.2D NetBSD 1.2D (CALVIN) #156: Tue Apr 1 01:34:57 MEST 1997 augustss@calvin:/usr/src/sys/arch/i386/compile/CALVIN i386


>Description:
	The NAT (Network Address Translation) of the IP filter package
	does not work anymore.

>How-To-Repeat:
	Run the following on a system from BEFORE the new IPF
	package was imported:
	    ifconfig tun0 1.1.1.1 2.2.2.2
	    ipnat -f -
	    map tun0 1.1.1.1/32 -> 3.3.3.3/32
	    ^D
	    dump-tunnel
	    ping 2.2.2.2
	where dump-tunnel is a simple program that opens tun0 and dumps
	the source address of the packets.  The output from dump-tunnel
	in this case will be
	    3.3.3.3
	i.e. the source address got mapped from 1.1.1.1 to 3.3.3.3 just
	as the NAT translation prescribed.

	Now run the same thing on -current and the output will be
	    1.1.1.1
	i.e. the source address remains unchanged.
	
>Fix:
	I don't know.  I was hoping someone more knowledgable about
	the filter package could find it quicker than I could.
	(Hint, hint ...)
>Audit-Trail:
>Unformatted: