Subject: kern/12443: machine hangs with FTP from behind NAT
To: None <gnats-bugs@gnats.netbsd.org>
From: Hubert Feyrer <hubert@feyrer.de>
List: netbsd-bugs
Date: 03/21/2001 03:20:11 
>Number:         12443
>Category:       kern
>Synopsis:       machine hangs with FTP from behind NAT
>Confidential:   no
>Severity:       critical
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Mar 20 18:21:00 PST 2001
>Closed-Date:
>Last-Modified:
>Originator:     Hubert Feyrer
>Release:        netbsd-1-5 branch sources from today (20010320)
>Organization:
bla!
>Environment:
	
System: NetBSD miyu 1.5.1_ALPHA NetBSD 1.5.1_ALPHA (MIYU) #3: Wed Mar 21 03:03:42 MET 2001 feyrer@miyu:/usr/cvs/src-1.5/sys/arch/i386/compile/MIYU i386


>Description:

The following is with today's sources from the netbsd-1-5 branch:

Having one PC setup as NAT/gateway who does PPPoE, and using another
PC that's attached to a second ethernet card. Starting a FTP transfer
from the other PC, the gateway hangs. It does not crash or panic and 
isn't totally catatonic either: Having no getty running on ttyE0, I
can still type chars, press ^T to get load, but cannot switch to other
VCs (either text or graphics). The machine also stops forwarding 
packets. Jumping into DDB brings about the same trace each time, with
the system looping in ippr_ftp_process():

10-finger-dump:
	db> t
	cpu_Debugger()
	internal_command()
	wskbd_translate()
	wskbd_input()
	wskbd_input()
	pckbcintr()
	Xintr1()
	--- interrupt ---
	ippr_ftp_process() at ... + 0x1bc
	ippr_ftp_in()
	appr_check()
	ip_natin()
	fr_check()
	ip_input()
	ipintr()
	Xsoftnet()
	...

The machine's config is as follows:

miyu% cat /etc/ipf.conf | grep -v ^#
pass out log from any to any                            # Allow all out
pass in  log from any to any                            # Log all
block return-rst in log on ppp0 proto tcp from any to any port = 23
block return-rst in log on ppp0 proto tcp from any to any port = 22
pass in log on ppp0 proto tcp from XXX.XXX.XXX.XXX to any port = 22 keep state     
pass in log on ppp0 proto tcp from XXX.XXX.XXX.XXX to any port = 22 keep state    

(IP#s XXXd here manually for the PR!)

miyu% cat /etc/ipnat.conf 
map ppp0 10.0.0.0/24 -> 0/32 proxy port ftp ftp/tcp
map ppp0 10.0.0.0/24 -> 0/32 portmap tcp/udp 40000:60000
map ppp0 10.0.0.0/24 -> 0/32


>How-To-Repeat:
	setup machine as above, start FTP transfer from client behind
	NAT. See machine freeze.

>Fix:
	unknown.
	Look at ippr_ftp_process().
>Release-Note:
>Audit-Trail:
>Unformatted: