Re: ipfilter/ipnat 3.4.35 and udp-traceroute problem

From: Pawel Malachowski (pawmal-posting_at_freebsd.lublin.pl)
Date: 08/09/04

    Date: Mon, 9 Aug 2004 18:37:39 +0200
    To: darrenr@freebsd.org
    
    

    On Fri, Aug 06, 2004 at 12:54:08AM +0200, Pawel Malachowski wrote:

    > I can see weird behavior of this command:
    > traceroute -s privateIP -P UDP dst
    > Outgoing UDP packets are translated, ICMP time-exceeded message comes back,
    > but traceroute shows '* * *'. ;)

    v3.4.35 import breaks things on my RELENG_4 box. FYI:

    With this ruleset, UDP-traceroute doesn't work (ICMP- works):
    map fxp0 172.27.201.1/24 -> public/32 proxy port ftp ftp/tcp
    map fxp0 172.27.201.1/24 -> public/32 portmap tcp/udp auto
    map fxp0 172.27.201.1/24 -> public/32

    % traceroute -s 172.27.201.1 -P udp www.yahoo.com
    traceroute to www.yahoo.akadns.net (216.109.118.74) from 172.27.201.1, 64 hops max, 44 byte packets
     1 * * *
     2 * * *
     3 * * *
     4 * * *
     5 * * *
     6 * * *
     7 * * *
     8 * *^C

    % traceroute -s 172.27.201.1 -P icmp www.yahoo.com
    traceroute to www.yahoo.akadns.net (216.109.118.79) from 172.27.201.1, 64 hops max, 64 byte packets
    [...]
     5 do-war-tr4.tptransit.pl (195.149.232.141) 43.909 ms 36.962 ms 28.713 ms
     6 war-b1-pos14-0.telia.net (213.248.79.13) 32.929 ms 45.965 ms 45.940 ms
     7 hbg-bb2-pos3-2-0.telia.net (213.248.65.33) 41.702 ms 37.646 ms 47.247 ms
     8 kbn-bb2-pos1-2-0.telia.net (213.248.65.126) 45.860 ms 51.259 ms 36.435 ms
     9 nyk-bb2-pos5-0-0.telia.net (213.248.64.34) 138.898 ms 136.887 ms^C

    % ipnat -s
    mapped in 246213324 out 246453277
    added 6502341 expired 6484448
    no memory 0 bad nat 530817
    inuse 6210
    rules 51
    wilds 0

    After switching map from /24 to /32, it works just fine:
    map fxp0 172.27.201.1/32 -> public/32 proxy port ftp ftp/tcp
    map fxp0 172.27.201.1/32 -> public/32 portmap tcp/udp auto
    map fxp0 172.27.201.1/32 -> public/32

    % traceroute -s 172.27.201.1 -P udp www.yahoo.com
    traceroute to www.yahoo.akadns.net (216.109.117.110) from 172.27.201.1, 64 hops max, 44 byte packets
    [...]
     5 do-war-tr4.tptransit.pl (195.149.232.141) 27.782 ms 55.108 ms 26.856 ms
     6 war-b1-pos14-0.telia.net (213.248.79.13) 21.830 ms 34.968 ms 20.804 ms
     7 hbg-bb1-pos1-2-0.telia.net (213.248.64.201) 51.748 ms 82.144 ms 74.826 ms
     8 kbn-bb1-pos1-2-0.telia.net (213.248.65.145) 108.766 ms 129.979 ms 77.827 ms
     9 nyk-bb1-pos0-1-0.telia.net (213.248.64.22) 206.748 ms 125.975 ms 125.788 ms
    ^C

    > Another interesting thing:
    > % ipf -V
    > ipf: IP Filter: v3.4.31 (336) <=
    > Kernel: IP Filter: v3.4.35
    > [...]
    > % grep -i ver /usr/src/contrib/ipfilter/ipl.h
    > #define IPL_VERSION "IP Filter: v3.4.31"
    >
    > Newer ipl.h sits happily in vendor branch.

    regards,

    -- 
    Paweł Małachowski