kern/41074: ipnat kills NFS connections

[louis%zabrico.com@localhost]

>Number:         41074
>Category:       kern
>Synopsis:       ipnat kills NFS connections
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Mar 25 20:30:01 +0000 2009
>Originator:     Louis Guillaume
>Release:        NetBSD 5.0_RC2
>Organization:
>Environment:
NetBSD xxxxxxxxxx 5.0_RC2 NetBSD 5.0_RC2 (GENERIC) #1: Thu Mar 19 13:39:03 EDT 
2009  louis@xxxxxxxxxxxx:/usr/obj/sys/arch/i386/compile/GENERIC i386
>Description:
On a freshly installed machine (sources from the netbsd-5 branch) I notice that 
NFS services are killed upon the loading of NAT rules...

Installing NAT rules ... 0 entries flushed from NAT table
nfs server 192.168.1.110:/export/isis/root: not responding 


This happens on a net-booted system with ipfilter. The same system running 
netbsd-4 with identical NAT rules does not have this problem. There is only one 
NAT rule on this system:

  map sip0 192.168.0.0/24 -> 0/32

If ipnat is started after boot, the NAT system works and traffic going out 
through sip0 is properly translated. Machines on the "inside" can see out, but 
at the same time the NFS services are dropped.
>How-To-Repeat:
1. Boot up a NetBSD 5.0_RC2
2. mount an NFS share
3. Start ipnat with the rule shown above.
4. See NFS break.

Try to reproduce the problem on netbsd-4 and see that you can't.


>Fix: