NetBSD-Bugs archive


Re: kern/52074: -current npf map directive broken



    Date:        Sun, 07 May 2017 23:07:42 +0200
    From:        Frank Kardel <kardel%netbsd.org@localhost>
    Message-ID:  <590F8C9E.3040102%netbsd.org@localhost>

  | From what I understand this code originally attempted to avoid sending
  | from an invalid/unusable local address (e.g. duplicate IP - error,
  | tentative and detached should just be dropped).

You also shouldn't be able to send from an address you don't own
(generally - a router has to be able to forward, as distinct from
originate, packets from anywhere of course).

Maybe you could explain what you're trying to achieve, rather than
worry too much (right now) at some particular kernel test which seems
to be defeating the way you are currently trying to accomplish that.

If your aim is to have machine "B" (the router/NAT box) from your
later e-mail example, intercept SMTP (and perhaps other) connection
attempts that your internal system (A) is attempting to make to
some external system (C) - so that the connection is handled by B
instead (acting as a proxy) then I suspect that someone can share
a config which accomplishes that ... but I very much doubt it will
involve something so weird as attempting to NAT into the loopback address.

If you have some other aim, explain it, and someone can probably
show how to accomplish it.   But please explain the objective, not
the technique you believe you can use to meet that objective.

Once we know what it is you want to do, it is still possible that
kernel (or other) changes might be needed to accomplish it (or it
might just not be possible at all), but if changes are needed the
right ones to make could be somewhere quite different from what
you have been concentrating on.

kre

ps: this issue is of course totally unrelated to the other question of
whether tentative addresses should be considered invalid, which certainly
has nothing to do with your problem.


