Subject: RE: Strange ipnat behaviour
From: Nick Evans (nevans at nextvenue.com)
Date: Fri Aug 11 2000 - 11:12:57 CDT
- Next message: Gerhard Sittig: "Re: Unified diff format in output of /etc/security?"
- Previous message: Damien Tougas: "Re: Strange ipnat behaviour"
- Maybe in reply to: Damien Tougas: "Strange ipnat behaviour"
- Next in thread: Gerhard Sittig: "Re: Strange ipnat behaviour"
- Maybe reply: Nick Evans: "RE: Strange ipnat behaviour"
Did you turn on ip forwarding?
-----Original Message-----
From: Damien Tougas [mailto:damien at carroll.com]
Sent: Wednesday, August 09, 2000 3:39 PM
To: freebsd-security at freebsd.org
Subject: Strange ipnat behaviour
Hello,
We are currently running ipnat on FreeBSD version 3.4-Stable; I am not
sure exactly what version of ipfilter it is; it is the one that comes
as part of the base OS.
The problem that we are seeing is that for some reason unknown to us,
nat just stops working. The only way to get it to work again is to
clear the ipnat tables and rules and re-initialize them using the
following sequence:
/usr/sbin/ipnat -CF
/usr/sbin/ipnat -f /etc/rc.nat
After that, everything works just fine.
The config file we use (rc.nat) is very simple:
map de0 10.0.0.0/8 -> 0/32 portmap tcp/udp 1025:65000
map de0 10.0.0.0/8 -> 0/32
Could that second line be causing the problem?
There are currently no ipf rules being used.
We ran a tcpdump on the interface while the problem was occurring,
just to see what was going on. What we found was that any new
connections attempted from 10.0.0.0/8 were going through with the ack
bit set only, it is like the initial packet was somehow blocked. As a
result, the server we were trying to contact replied with a tcp reset
since it thought that we were trying to connect to a session that is
non-existent. Our first thought was that we might have run out of
ports, but we discovered that there were no more than about 3000
sessions active at the time.
Any ideas? Is this a bug, or have we mis-configured something?
Thanks for your help.
-- Damien Tougas, Carroll-Net, Inc. http://www.carroll.com
To Unsubscribe: send mail to majordomo at FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
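The symptom Damien describes (the first packet of a new inside-originated connection leaving the box with only ACK set, and the remote server answering with RST) can be spotted mechanically in a capture. The following is an added example, not code from the thread or from ipfilter: it parses tcpdump lines in the classic `src.port > dst.port: flags` format, tracks the first packet seen per flow from the 10.0.0.0/8 range named in the post, and flags flows whose first packet carries no SYN. The tcpdump lines are constructed for the example, not taken from the poster's capture.

```python
import ipaddress
import re

# Constructed sample in the classic tcpdump TCP line format
# ("time src.port > dst.port: flags ..."). Flow 1 is a healthy handshake;
# flows 2 and 3 show the post's symptom: first inside packet is ACK/PSH
# without SYN, and the server answers with a reset.
SAMPLE_TCPDUMP = """\
15:38:01.000001 10.1.2.3.1025 > 192.0.2.10.80: S 1000:1000(0) win 16384
15:38:01.000200 192.0.2.10.80 > 10.1.2.3.1025: S 5000:5000(0) ack 1001 win 8760
15:38:01.000400 10.1.2.3.1025 > 192.0.2.10.80: . ack 5001 win 16384
15:38:02.000001 10.1.2.4.1026 > 192.0.2.11.25: . ack 1 win 16384
15:38:02.000300 192.0.2.11.25 > 10.1.2.4.1026: R 1:1(0) win 0
15:38:03.000001 10.1.2.5.1027 > 192.0.2.12.443: P 1:40(39) ack 1 win 16384
15:38:03.000300 192.0.2.12.443 > 10.1.2.5.1027: R 1:1(0) win 0
"""

# Matches the classic format; the flag field is the letters/dot right after
# the colon (S, ., P, R, F or combinations such as SP).
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\.(?P<sport>\d+)\s+>\s+"
    r"(?P<dst>\S+)\.(?P<dport>\d+):\s+(?P<flags>[SFRP.]+)"
)


def parse_tcpdump(text):
    """Return one dict per recognised TCP line (unrecognised lines are skipped)."""
    pkts = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            d = m.groupdict()
            d["sport"] = int(d["sport"])
            d["dport"] = int(d["dport"])
            pkts.append(d)
    return pkts


def find_half_open_flows(text, inside_net="10.0.0.0/8"):
    """Flows originating inside `inside_net` whose FIRST observed packet has no SYN.

    A translated flow should always start with a SYN on the outside interface;
    seeing ACK/PSH first means the SYN never made it (or the NAT state for the
    flow vanished), which is exactly what the poster saw.
    """
    net = ipaddress.ip_network(inside_net)
    first_seen = {}
    suspects = []
    for p in parse_tcpdump(text):
        if ipaddress.ip_address(p["src"]) not in net:
            continue  # only judge packets leaving the inside range
        key = (p["src"], p["sport"], p["dst"], p["dport"])
        if key in first_seen:
            continue  # only the first packet of a flow matters here
        first_seen[key] = p["flags"]
        if "S" not in p["flags"]:
            suspects.append(key)
    return suspects


def count_resets_to(text, flows):
    """Count RSTs sent back to the suspect flows: the server's reply to an ACK
    for a session it never set up, as described in the post."""
    wanted = {(dst, dport, src, sport) for (src, sport, dst, dport) in flows}
    return sum(
        1
        for p in parse_tcpdump(text)
        if "R" in p["flags"]
        and (p["src"], p["sport"], p["dst"], p["dport"]) in wanted
    )


if __name__ == "__main__":
    bad = find_half_open_flows(SAMPLE_TCPDUMP)
    for src, sport, dst, dport in bad:
        print(f"no SYN seen first: {src}:{sport} -> {dst}:{dport}")
    print("resets to those flows:", count_resets_to(SAMPLE_TCPDUMP, bad))
```

Run against a real capture, a steady stream of such flows while `ipnat -l` still lists sessions points at the translation path rather than at port exhaustion, which matches the poster's observation that only about 3000 sessions were active. Before looking at NAT state at all, the check Nick asks about is `sysctl net.inet.ip.forwarding` (set by `gateway_enable="YES"` in /etc/rc.conf on FreeBSD); with forwarding off, nothing is translated in the first place.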