Subject: kern/11133: 1.5E NAT freezing
To: None <firstname.lastname@example.org>
From: None <email@example.com>
Date: 10/04/2000 13:57:10
>Synopsis: Clients are able to freeze systems running IPNAT
>Arrival-Date: Wed Oct 04 13:57:00 PDT 2000
>Originator: Jared D. McNeill
>Release: Appx. Aug. 7, 2000
System: NetBSD blackhole.invisible.ca 1.5E NetBSD 1.5E (BLACKHOLE) #0: Sun Aug 27 05:12:33 ADT 2000 jmcneill@sun:/usr/src/sys/arch/i386/compile/BLACKHOLE i386
It's possible to completely lock a system running ipnat and ftp proxying on
Using CuteFTP 4.2 beta on the Windows box, I FTP'd through the NAT to a
Windows box down the road, IP address 10.160.61.178. When I
connect to it from the NAT itself, I get the following response:
blackhole:~$ ftp 10.160.61.178
Connected to 10.160.61.178.
220-Wolfpac Industries FTP service
WarFTPd 1.70.b01.04 (Aug 18 1998) Ready
(C)opyright 1996 - 1998 by Jarle (jgaa) Aase - all rights reserved.
220 Please enter your user name.
However, whenever I connect to it through the NAT with CuteFTP, the NAT
locks. I haven't tested with any other clients; I don't enjoy pressing the
reset button every few minutes.
IP Filter: v3.4.9 initialized. Default = pass all, Logging = enabled
map ep0 192.168.0.0/24 -> 10.160.21.130/32 proxy port ftp ftp/tcp
map ep0 192.168.0.0/24 -> 10.160.21.130/32 portmap tcp/udp 30000:60000
map ep0 192.168.0.0/24 -> 10.160.21.130/32