Re: kern/38773: ipf/ipnat broken in 4.99.63

[Manuel Bouyer <bouyer%antioche.eu.org@localhost>]

The following reply was made to PR kern/38773; it has been noted by GNATS.

From: Manuel Bouyer <bouyer%antioche.eu.org@localhost>
To: gnats-bugs%NetBSD.org@localhost
Cc: kern-bug-people%NetBSD.org@localhost, gnats-admin%NetBSD.org@localhost, 
netbsd-bugs%NetBSD.org@localhost
Subject: Re: kern/38773: ipf/ipnat broken in 4.99.63
Date: Wed, 28 May 2008 21:18:33 +0200

 On Wed, May 28, 2008 at 12:15:00AM +0000, paul%whooppee.com@localhost wrote:
 > >Description:
 > The recent import of ipf appears broken.
 > 
 > With no ipf rules defined, but with ipnat enabled, I am unable to ssh from 
 > another machine into the 4.99.63 box.  SSH -d shows that the TCP session is 
 > established, but fails during the key exchange.  I can open an ftp session 
 > but unable to perform an ls.  ICMP pings are properly responded to.  NFS 
 > mounts of remote file systems also work, but any attempt to to a 'df' or to 
 > otherwise access the mounted directory fails.
 > 
 > I'm suspecting a problem with packet size, but am unable to confirm.  I have 
 > had to revert this machine back to 4.99.62 (from May 14th) since I cannot 
 > disable ipnat (my VoIP gateway needs an IP address).
 
 FWIW, my home gateway is running 4.99.63 with the new ipfilter and it's
 no worse than the ipfilter that was in 4.99.62 (it's even sightly better).
 I can reach it via ssh, ftp or http without troubles.
 I'm also using ipf+ipnat.
 
 -- 
 Manuel Bouyer <bouyer%antioche.eu.org@localhost>
      NetBSD: 26 ans d'experience feront toujours la difference
 --