Subject: kern/14319: NAT with only one physical interface uses wrong src-addr on "inside".
To: None <gnats-bugs@gnats.netbsd.org>
From: None <johani@autonomica.se>
List: netbsd-bugs
Date: 10/21/2001 15:12:56
>Number: 14319
>Category: kern
>Synopsis: NAT with only one physical interface is broken.
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: kern-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sun Oct 21 06:13:00 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator: Johan Ihren
>Release: 1.5X, August 7, 2001
>Organization:
Autonomica AB
>Environment:
i386,
System: NetBSD snout.autonomica.se 1.5X NetBSD 1.5X (SNOUT) #41: Thu Sep 27 22:10:40 CEST 2001 johani@snout.autonomica.se:/usr/store/source/netbsd/kernels.i386/SNOUT i386
Architecture: i386
Machine: i386
>Description:
Presently it is (as far as I can tell) impossible to use NAT with
only one physical interface since the NAT gets confused over which
source address to use when communicating with hosts on the "inside".
>How-To-Repeat:
ifconfig ep0 192.168.1.1/24
ifconfig ep0 10.1.1.1/24
Use an ipnat.conf somewhat like this:
#!/usr/sbin/ipnat -v -f -
map ep0 192.168.1.0/24 -> 10.1.1.1/32 portmap tcp/udp 40000:60000
map ep0 192.168.1.0/24 -> 10.1.1.1/32
map ep0 192.168.1.0/24 -> 10.1.1.1/32 proxy port ftp ftp/tcp
Then try pinging (from another box) the 192.168.1.1 address and see
return packets from 10.1.1.1.
As soon as the NAT is turned off (by ipnat -C) the source address
changes to the (correct) 192.168.1.1.
>Fix:
Don't know.
>Release-Note:
>Audit-Trail:
>Unformatted: