Subject: kern/19754: ipnat rdr doing strange things
To: None <gnats-bugs@gnats.netbsd.org>
From: None <Mihai.Chelaru@mail.romserv.ro>
List: netbsd-bugs
Date: 01/09/2003 14:32:25
>Number: 19754
>Category: kern
>Synopsis: some rdr rules are working, some are ignored
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: kern-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Thu Jan 09 04:35:00 PST 2003
>Closed-Date:
>Last-Modified:
>Originator: Mihai Chelaru
>Release: NetBSD 1.6
>Organization:
Nobody Inc.
>Environment:
System: NetBSD mail.romserv.ro 1.6 NetBSD 1.6 (GENERIC) #0: Sun Sep 8 19:43:40 UTC 2002 autobuild@tgm.daemon.org:/autobuild/i386/OBJ/autobuild/src/sys/arch/i386/compile/GENERIC i386
Architecture: i386
Machine: i386
>Description:
Some ipnat rdr rules are working, some are not. Here is an example:
# cat /etc/ipnat.conf
rdr rtk0 192.168.1.128/26 port 80 -> 127.0.0.1 port 3128 tcp
rdr rtk0 192.168.1.128/26 port 53 -> 127.0.0.1 port 53 tcpudp
map rtk1 192.168.1.128/26 -> 217.10.222.210/32 portmap tcp/udp 40000:60000
map rtk1 192.168.1.128/26 -> 217.10.222.210/32
# ipnat -l | grep RDR
RDR 127.0.0.1 53 <- -> 192.168.1.129 53 [192.168.1.130 65242]
RDR 127.0.0.1 53 <- -> 192.168.1.129 53 [192.168.1.130 65243]
RDR 127.0.0.1 53 <- -> 192.168.1.129 53 [192.168.1.157 1420]
RDR 127.0.0.1 53 <- -> 192.168.1.129 53 [192.168.1.157 1417]
# ipnat -l | grep \ 80\]
MAP 192.168.1.165 1096 <- -> 217.10.222.210 40035 [66.218.66.240 80]
MAP 192.168.1.144 1898 <- -> 217.10.222.210 40032 [213.233.121.3 80]
MAP 192.168.1.157 1410 <- -> 217.10.222.210 40031 [213.233.115.6 80]
A squid configured as a transparent proxy is running on port 3128. The strange thing is that,
after switching rule 1 with rule 2, not even the DNS redirection will work.
>How-To-Repeat:
See above.
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted: