Subject: ipnat rdr problems...
To: None <tech-net@netbsd.org>
From: None <gnn@nominum.com>
List: tech-net
Date: 03/29/2004 21:28:06
Hi,

	I'm working on debugging a product build on top of NetBSD
	1.6.2.  The particular problem is that the following nat
	rules:

rdr bge0 0.0.0.0/0 port domain -> 127.0.0.1 port domainproxy tcp 
rdr bge1 0.0.0.0/0 port domain -> 127.0.0.1 port domainproxy tcp 

	cause a problem when packets are received on the bge1
	(i.e. second) interface.  The first interface works fine (it
	connects the TCP stream to a program doing proxying from
	inetd.conf) but when the TCP SYN is received on bge1 the
	machine's replying SYN has an ip source of 127.0.0.1 which is
	wrong.

	The routing table looks like this:

Destination        Gateway            Flags     Refs     Use    Mtu  Interface
default            128.177.197.13     UGS         0     3038      -  bge0
81.200.64.181      128.177.197.14     UGHD        1      139      -  bge0
127                127.0.0.1          UGRS        0        0  33220  lo0
127.0.0.1          127.0.0.1          UH          1      226  33220  lo0
128.177.197/28     link#1             UC          4        0      -  bge0
128.177.197.64/28  link#2             UC          2        0      -  bge1

	And the ipnat -l output looks like this:


# /usr/sbin/ipnat -l
List of active MAP/Redirect filters:
rdr bge0 0.0.0.0/0 port 53 -> 127.0.0.1 port 553 tcp
rdr bge1 0.0.0.0/0 port 53 -> 127.0.0.1 port 553 tcp

List of active sessions:
RDR 127.0.0.1       553   <- -> 140.174.164.2   53    [128.177.197.99.64937]


	I have not started tracing through the network code yet but I
	figure there is an issue with tracking the interface that a
	packet came in on.  BTW IPSec is not enabled, if that matters.

Thanks for any info,
George
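Added example (not from the post or from NetBSD's ipnat sources): a small Python parser for the `ipnat -l` output shown above that lists which interfaces redirect into 127/8 and pairs each active RDR session with the rules that could have created it, so the session for a given interface can be checked against the configured rules. The sample text is constructed in the shape of the post's `ipnat -l` listing; the third rdr rule is an added, non-loopback example.

```python
import ipaddress
import re

# Constructed sample in the shape of the `ipnat -l` output quoted in the post.
# The third rule is an added example of a redirect that does not go to loopback.
IPNAT_L = """\
List of active MAP/Redirect filters:
rdr bge0 0.0.0.0/0 port 53 -> 127.0.0.1 port 553 tcp
rdr bge1 0.0.0.0/0 port 53 -> 127.0.0.1 port 553 tcp
rdr bge0 0.0.0.0/0 port 80 -> 128.177.197.66 port 8080 tcp

List of active sessions:
RDR 127.0.0.1       553   <- -> 140.174.164.2   53    [128.177.197.99.64937]
"""

RULE_RE = re.compile(
    r"^rdr\s+(?P<ifname>\S+)\s+(?P<src>\S+)\s+port\s+(?P<port>\d+)\s+->\s+"
    r"(?P<to>\S+)\s+port\s+(?P<to_port>\d+)\s+(?P<proto>\w+)")
SESSION_RE = re.compile(
    r"^RDR\s+(?P<to>\S+)\s+(?P<to_port>\d+)\s+<- ->\s+(?P<dst>\S+)\s+(?P<dst_port>\d+)"
    r"\s+\[(?P<client>\d+\.\d+\.\d+\.\d+)\.(?P<client_port>\d+)\]")


def parse_ipnat(text):
    """Split `ipnat -l` output into (rdr rules, active RDR sessions)."""
    rules, sessions = [], []
    for line in text.splitlines():
        line = line.strip()
        if (m := RULE_RE.match(line)):
            rules.append(m.groupdict())
        elif (m := SESSION_RE.match(line)):
            sessions.append(m.groupdict())
    return rules, sessions


def loopback_rdr_interfaces(rules):
    """Interfaces whose rdr target is in 127/8, i.e. traffic entering a
    physical interface is handed to loopback (the setup that misbehaves on bge1)."""
    return sorted({r["ifname"] for r in rules
                   if ipaddress.ip_address(r["to"]).is_loopback})


def matching_rules(session, rules):
    """Names of the interfaces whose rule could have created this session:
    same target, target port and original destination port.  `ipnat -l`
    does not print the input interface, so several rules may match."""
    return [r["ifname"] for r in rules
            if r["to"] == session["to"] and r["to_port"] == session["to_port"]
            and r["port"] == session["dst_port"]]
```

Run against real `ipnat -l` output, a session whose matching_rules() is empty points at a rule that changed underneath an existing session.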