NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > FreeBSD Security> 2000-08

Subject: Re: Strange ipnat behaviour
From: Pete Fritchman (petefdatabits.net)
Date: Fri Aug 11 2000 - 10:45:53 CDT

Next message: Damien Tougas: "Re: Strange ipnat behaviour"
Previous message: Mike Tancsa: "RE: suidperl exploit"
In reply to: Damien Tougas: "Strange ipnat behaviour"
Next in thread: Damien Tougas: "Re: Strange ipnat behaviour"
Reply: Pete Fritchman: "Re: Strange ipnat behaviour"
Reply: Damien Tougas: "Re: Strange ipnat behaviour"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Since you are pointing the map to a dynamic IP (probably), 0/32, you will have
to run "ipf -y" to refresh the rules whenever your dynamic IP changes.

Regards,
Pete

++ 09/08/00 15:39 -0400 - Damien Tougas:
>Hello,
>
>We are currently running ipnat on FreeBSD version 3.4-Stable, I am not
>sure exactly what version of ipfilter it is, it is the one that comes
>as part of the base OS.
>
>The problem that we are seeing is that for some reason unknown to us,
>nat just stops working. The only way to get it to work again is to
>clear the ipnat tables and rules and re-initialize them using the
>following sequence:
>
>/usr/sbin/ipnat -CF
>/usr/sbin/ipnat -f /etc/rc.nat
>
>After that, everything works just fine.
>The config file we use (rc.nat) is very simple:
>
>map de0 10.0.0.0/8 -> 0/32 portmap tcp/udp 1025:65000
>map de0 10.0.0.0/8 -> 0/32
>
>Could that second line be causing the problem?
>There are currently no ipf rules being used.
>
>We ran a tcpdump on the interface while the problem was occurring,
>just to see what was going on. What we found was that any new
>connections attempted from 10.0.0.0/8 were going through with the ack
>bit set only, it is like the initial packet was somehow blocked. As a
>result, the server we were trying to contact replied with a tcp reset
>since it thought that we were trying to connect to a session that is
>non existent. Our first thought was that we might have ran out of
>ports, but we discovered that there were no more than about 3000
>sessions active at the time.
>
>Any ideas? Is this a bug, or have we mis-configured something?
>
>Thanks for your help.
>
>--
>Damien Tougas
>Carroll-Net, Inc.
>http://www.carroll.com
>
>
>
>
>To Unsubscribe: send mail to majordomoFreeBSD.org
>with "unsubscribe freebsd-security" in the body of the message

-- Pete Fritchman <petef

databits.net> Databits Network Services, Inc http://www.databits.net finger: petef

analog.databits.net

To Unsubscribe: send mail to majordomoFreeBSD.org with "unsubscribe freebsd-security" in the body of the message

Next message: Damien Tougas: "Re: Strange ipnat behaviour"
Previous message: Mike Tancsa: "RE: suidperl exploit"
In reply to: Damien Tougas: "Strange ipnat behaviour"
Next in thread: Damien Tougas: "Re: Strange ipnat behaviour"
Reply: Pete Fritchman: "Re: Strange ipnat behaviour"
Reply: Damien Tougas: "Re: Strange ipnat behaviour"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]