5.1-RC1: NAT redirect fails

To: <tech-net%netbsd.org@localhost>
Subject: 5.1-RC1: NAT redirect fails
From: Jeff Wyman <wysoft%hotmail.com@localhost>
Date: Thu, 6 May 2010 21:36:58 +0000

I have a system doing some simple routing, including one NAT redirect 
for port forwarding. Last weekend I updated this system to 5.1-RC1 using
 the stable branch. Since then, it seems that the NAT redirect no longer
 works. I don't know if there's another reason why it's stopped working,
 but the update is the only thing that's changed on this system since I 
last successfully connected to the forwarded port via the redirect rule.

First,
 the port being forwaded to on the internal network has been verified to
 be open and responding to connections, so this is not the issue.

What
 I found when trying to connect to forwarded port 5903 (IP addresses 
edited for privacy):

From 'ipmon -a |grep 5903':


05/05/2010
 22:54:39.942819 @3 NAT:RDR 192.168.1.10,5900 <- -> 
24.16.xxx.xxx,5903 [76.121.xxx.xxx,53709 PR tcp]
05/05/2010 
22:54:39.942854 @3 NAT:DESTROY 192.168.1.10,5900 <- -> 
24.16.xxx.xxx,5903 [76.121.xxx.xxx,53709 PR tcp]


Then, I tried 
opening the connection again and running 'ipnat -l'. It briefly displays
 the redirected connection, then reissuing the command immediately 
produced interesting output:


(11:wysoft)-~>> ipnat -l
List
 of active MAP/Redirect filters:
map fxp0 192.168.1.0/24 -> 
0.0.0.0/32 portmap tcp 10000:20000
map fxp0 192.168.1.0/24 -> 
0.0.0.0/32
rdr fxp0 24.16.xxx.xxx/32 port 5903 -> 192.168.1.10 
port 5900 tcp

List of active sessions:
MAP 192.168.1.10    
5900  <- -> 24.16.xxx.xxx    18997 [76.121.xxx.xxx 53716]
(12:wysoft)-~>>
 ipnat -l
List of active MAP/Redirect filters:
unknown value for 
in_redir: 0
  0.0.0.0/0 -> 0.0.0.0/0

List of active 
sessions:
unknown(0000) 0.0.0.0         <- -> 0.0.0.0         
[0.0.0.0]
(13:wysoft)-~>>


Not sure what else to do 
at this point other than move back to release sources possibly. But if 
there's a bug to be found, I figure I should mention this.

Thanks,
Jeff                                      
_________________________________________________________________
The New Busy think 9 to 5 is a cute idea. Combine multiple calendars with 
Hotmail. 
http://www.windowslive.com/campaign/thenewbusy?tile=multicalendar&ocid=PID28326::T:WLMTAGL:ON:WL:en-US:WM_HMP:042010_5

Follow-Ups:
- Re: 5.1-RC1: NAT redirect fails
  - From: Matthew Mondor

Prev by Date: Re: How do I keep an inet6 address from being added to an interface?
Next by Date: NetBSD 5.1 RC1 wm0 with Xen 4.0.0
Previous by Thread: How do I keep an inet6 address from being added to an interface?
Next by Thread: Re: 5.1-RC1: NAT redirect fails
Indexes:

Home | Main Index | Thread Index | Old Index