Subject: kern/10492: ipnat multiple port redirects broken in 1.5_ALPHA
To: None <gnats-bugs@gnats.netbsd.org>
From: None <wileyc@tuug.net>
List: netbsd-bugs
Date: 07/01/2000 22:47:14
>Number:         10492
>Category:       kern
>Synopsis:       ipnat multiple port redirects broken in 1.5_ALPHA
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat Jul 01 22:48:00 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator:     Christopher SEKIYA
>Release:        20000630
>Organization:
tuug.net
>Environment:
	
System: NetBSD gateway 1.5_ALPHA NetBSD 1.5_ALPHA (GATEWAY) #0: Fri Jun 30 20:18:37 JST 2000 wileyc@gateway:/usr/src/sys/arch/i386/compile/GATEWAY i386


>Description:
With 1.4X, I could redirect two or more ports from the NAT box's external
interface to a box on the private network by doing this:

        rdr ep0 0.0.0.0/0 port 80 -> 192.168.10.8 port 80 tcp
        rdr ep0 0.0.0.0/0 port 25 -> 192.168.10.8 port 25 tcp

With 1.5_ALPHA, the first redirect works, but all subsequent redirects with
that external/internal IP pair (no matter what the port pair may be) fail with
an EEXIST.
>How-To-Repeat:
echo "rdr ep0 0.0.0.0/0 port 80 -> 192.168.10.8 port 80 tcp" | ipnat -f -
echo "rdr ep0 0.0.0.0/0 port 25 -> 192.168.10.8 port 25 tcp" | ipnat -f -
>Fix:
Add unique port check to sys/netinet/ip_nat.c around line 428?
>Release-Note:
>Audit-Trail:
>Unformatted:
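
Added example, not part of the original report and not ipfilter code: a pre-upgrade check that parses the simple `rdr` form shown above and lists the rules that would be rejected under the behaviour the report describes. Assumptions: the collision key is (interface, external address, internal address), the function names are hypothetical, and the last two sample rules are constructed.

```python
import re

# Matches only the simple rdr form used in the report:
#   rdr <iface> <addr>/<mask> port <n> -> <addr> port <n> <proto>
RDR_RE = re.compile(
    r"^rdr\s+(?P<iface>\S+)\s+(?P<ext>\S+)\s+port\s+(?P<eport>\d+)\s*->\s*"
    r"(?P<int>\S+)\s+port\s+(?P<iport>\d+)\s+(?P<proto>\S+)$"
)

def parse_rdr(line):
    """Return a dict for a simple rdr rule, or None for anything else."""
    m = RDR_RE.match(line.split("#", 1)[0].strip())
    if not m:
        return None
    rule = m.groupdict()
    rule["eport"], rule["iport"] = int(rule["eport"]), int(rule["iport"])
    return rule

def affected_rules(lines):
    """Return (lineno, rule, first_lineno) for rules the report says fail.

    Assumption taken from the report: the first rule for a triple loads and
    every later rule for the same triple fails with EEXIST whatever its ports.
    An exact repeat (same ports and protocol) is a true duplicate and is not
    reported, since EEXIST is the expected answer for it.
    """
    seen = {}  # triple -> (lineno of first rule, set of port/proto tuples)
    hits = []
    for lineno, line in enumerate(lines, 1):
        rule = parse_rdr(line)
        if rule is None:
            continue
        triple = (rule["iface"], rule["ext"], rule["int"])
        ports = (rule["eport"], rule["iport"], rule["proto"])
        if triple not in seen:
            seen[triple] = (lineno, {ports})
            continue
        first, known = seen[triple]
        if ports not in known:
            known.add(ports)
            hits.append((lineno, rule, first))
    return hits

# First two rules are from the report; the last two are constructed.
SAMPLE = [
    "rdr ep0 0.0.0.0/0 port 80 -> 192.168.10.8 port 80 tcp",
    "rdr ep0 0.0.0.0/0 port 25 -> 192.168.10.8 port 25 tcp",
    "rdr ep0 0.0.0.0/0 port 8080 -> 192.168.10.9 port 80 tcp",  # other host
    "rdr ep0 0.0.0.0/0 port 80 -> 192.168.10.8 port 80 tcp",    # exact repeat
]
```

A non-empty result means some redirects would silently stop forwarding after the upgrade, so the services behind them should be checked from outside the NAT box once the rules are loaded.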