NetBSD-Bugs archive
Re: bin/39520: IPNAT fails to consistently handle FTP sessions
The following reply was made to PR bin/39520; it has been noted by GNATS.
From: Peter Eisch <peter%boku.net@localhost>
To: <gnats-bugs%NetBSD.org@localhost>
Cc:
Subject: Re: bin/39520: IPNAT fails to consistently handle FTP sessions
Date: Tue, 16 Sep 2008 14:02:38 -0500
Here is a trace of the offending packet.
13:51:46.838452 IP (tos 0x0, ttl 63, id 36513, offset 0, flags [DF],
length: 67) BB.BB.BBB.BBB.58359 > CCC.CCC.CC.C.21: P [tcp sum ok] 30:57(27)
ack 120 win 5840
0x0000: 4500 0043 8ea1 4000 3f06 9b94 205b f382 E..C..@.?....[..
0x0010: 9d9a 6007 e3f7 0015 a702 697e 320e c650 ..`.......i~2..P
0x0020: 5018 16d0 e2ce 0000 504f 5254 2032 3036 P.......PORT.AAA
0x0030: 2c39 2c33 342c 3135 302c 3232 372c 3235 ,A,AA,AAA,227,25
0x0040: 310d 0a 1..
13:51:46.949262 IP (tos 0x0, ttl 57, id 7011, offset 0, flags [none],
length: 66) CCC.CCC.CC.C.21 > BB.BB.BBB.BBB.58359: P [tcp sum ok]
120:146(26) ack 57 win 11468
0x0000: 4500 0042 1b63 0000 3906 54d4 9d9a 6007 E..B.c..9.T...`.
0x0010: 205b f382 0015 e3f7 320e c650 a702 6999 .[......2..P..i.
0x0020: 5018 2ccc 7a97 0000 3530 3020 496c 6c65 P.,.z...500.Ille
0x0030: 6761 6c20 504f 5254 2043 6f6d 6d61 6e64 gal.PORT.Command
0x0040: 0d0a ..
The NAT rules for this are:
map vlan150 from AAA.A.AA.AAA/32 to CCC.CCC.CC.C/32 -> BB.BB.BBB.BBB/32 proxy port ftp ftp/tcp
map vlan150 from AAA.A.AA.AAA/32 to CCC.CCC.CC.C/32 -> BB.BB.BBB.BBB/32 portmap tcp/udp 40000:60000
map vlan150 from AAA.A.AA.AAA/32 to CCC.CCC.CC.C/32 -> BB.BB.BBB.BBB/32
The topology for this is:
             (wm1)   (wm2)
+--------+  vlan154-vlan150   +--------+
| client |---->| nbrtr |----->| server |
+--------+     +------NAT     +--------+
Again, this problem only happens for one out of every 5-8 sessions. The
successful sessions correctly insert the BB.BB.BBB.BBB address in the PORT
command.
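
The condition visible in the trace above, a PORT command that leaves the NAT still carrying the client's untranslated address, can be checked for mechanically in a capture taken on the server side. The following is an added example, not part of the original message and not ipnat code: the function names and the RFC 5737 sample addresses are assumptions, and the sample packets are constructed (checksums left at zero).

```python
import re
import socket
import struct

# FTP active-mode command: PORT h1,h2,h3,h4,p1,p2
PORT_RE = re.compile(rb"PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r\n", re.I)

def check_port_rewrite(packet: bytes):
    """Return None if the IPv4/TCP packet carries no PORT command; otherwise
    compare the address inside PORT with the packet's (post-NAT) source."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[9] != 6:
        return None                                   # not IPv4 or not TCP
    ihl = (packet[0] & 0x0F) * 4                      # IP header length
    total_len = struct.unpack("!H", packet[2:4])[0]
    src = socket.inet_ntoa(packet[12:16])
    tcp = packet[ihl:total_len]
    if len(tcp) < 20:
        return None
    payload = tcp[(tcp[12] >> 4) * 4:]                # skip TCP header + options
    m = PORT_RE.match(payload)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None                                   # malformed PORT argument
    advertised = ".".join(str(n) for n in nums[:4])
    return {"src": src, "advertised": advertised,
            "data_port": nums[4] * 256 + nums[5],
            "rewritten": advertised == src}

def build_packet(src, dst, sport, payload):
    """Constructed sample: minimal IPv4+TCP packet to port 21, PSH|ACK set."""
    tcp = struct.pack("!HHIIBBHHH", sport, 21, 1, 1, 5 << 4, 0x18, 5840, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0x4000, 63, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + tcp

# Constructed stand-ins: 192.0.2.10 = inside client, 198.51.100.7 = NAT
# address, 203.0.113.21 = FTP server. Both packets are as seen after the NAT.
GOOD = build_packet("198.51.100.7", "203.0.113.21", 58359, b"PORT 198,51,100,7,195,80\r\n")
BAD = build_packet("198.51.100.7", "203.0.113.21", 58359, b"PORT 192,0,2,10,195,80\r\n")

if __name__ == "__main__":
    for name, pkt in (("good", GOOD), ("bad", BAD)):
        print(name, check_port_rewrite(pkt))
```

Run over every packet to port 21 in a capture, the fraction of results with `rewritten` false gives a direct count of the sessions the FTP proxy missed.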