Subject: kern/26734: ipnat fromto directive issue
To: None <gnats-bugs@gnats.NetBSD.org>
From: None <kefren@netbsd.ro>
List: netbsd-bugs
Date: 08/23/2004 00:18:43
>Number: 26734
>Category: kern
>Synopsis: egress incoming packets voids when ipnat is configured with fromto directive
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: kern-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sun Aug 22 21:29:00 UTC 2004
>Closed-Date:
>Last-Modified:
>Originator: Mihai CHELARU
>Release: NetBSD 2.0_BETA
>Organization:
>Environment:
System: NetBSD mammut.acasa.ro 2.0_BETA NetBSD 2.0_BETA (Kefren.MAMMUT.MP) #14: Sun Aug 22 23:39:41 EEST 2004 root@mammut.acasa.ro:/sys/arch/i386/compile/Kefren.MAMMUT.MP i386
Architecture: i386
Machine: i386
>Description:
ipnat.conf:
map gif1 from 192.168.1.0/24 to 10.0.0.0/8 -> 14.0.0.6 portmap tcp/udp 40000:60000 mssclamp 1200
map gif1 from 192.168.1.0/24 to 10.0.0.0/8 -> 14.0.0.6 mssclamp 1200
map tl0 192.168.1.0/24 -> 0/32 portmap tcp/udp 40000:60000 mssclamp 1400
map tl0 192.168.1.0/24 -> 0/32 mssclamp 1400
ifconfig -a:
tl0: flags=8863<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	address: 00:80:5f:bb:c7:93
	media: Ethernet 10baseT
	status: active
	inet 83.103.228.200 netmask 0xfffff000 broadcast 83.103.239.255
	inet6 fe80::280:5fff:febb:c793%tl0 prefixlen 64 scopeid 0x1
ex0: flags=8863<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	capabilities=7<IP4CSUM,TCP4CSUM,UDP4CSUM>
	enabled=7<IP4CSUM,TCP4CSUM,UDP4CSUM>
	address: 00:04:76:97:11:76
	media: Ethernet autoselect (100baseTX full-duplex)
	status: active
	inet 192.168.1.2 netmask 0xffffff00 broadcast 192.168.1.255
	inet6 fe80::204:76ff:fe97:1176%ex0 prefixlen 64 scopeid 0x2
lo0: flags=8009<UP,LOOPBACK,MULTICAST> mtu 33196
	inet 127.0.0.1 netmask 0xff000000
	inet6 ::1 prefixlen 128
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
ppp1: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280
	tunnel inet 83.103.228.200 --> 80.86.112.166
	inet6 2001:470:1f01:356:ffff::6 -> 2001:470:1f01:356:ffff::5 prefixlen 128
	inet6 fe80::280:5fff:febb:c793%gif0 -> prefixlen 64 scopeid 0x6
gif1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280
	tunnel inet 83.103.228.200 --> 193.28.151.5
	inet 14.0.0.6 -> 14.0.0.5 netmask 0xfffffffc
	inet6 fe80::280:5fff:febb:c793%gif1 -> prefixlen 64 scopeid 0x7
Relevant lines from route -n show:
default 83.103.224.1 UG
10.0.0.0/8 14.0.0.5 UG
From 192.168.1.49 I ping 10.10.255.1 and I get no replies.
During this tcpdump on gif1:
00:13:06.765381 10.10.255.1 > 14.0.0.6: icmp: echo reply seq 901 (ttl 252, id 20723, len 84)
00:13:07.730184 14.0.0.6 > 10.10.255.1: icmp: echo request seq 902 (ttl 254, id 20726, len 84)
tcpdump on ex0 (directly connected to 192.168.1.49):
00:16:33.724643 192.168.1.49 > 10.10.255.1: icmp: echo request seq 1108 (ttl 255, id 21679, len 84)
00:16:34.725537 192.168.1.49 > 10.10.255.1: icmp: echo request seq 1109 (ttl 255, id 21683, len 84)
00:16:35.725414 192.168.1.49 > 10.10.255.1: icmp: echo request seq 1110 (ttl 255, id 21686, len 84)
So no replies. The packets look lost in this machine, in between gif1 and ex0.
Also I did a tcpdump on tl0 but nothing remarkable to show. No filters are applied.
>How-To-Repeat:
See above.
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
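
Added example, not part of the original report or of IPFilter: a small Python model that picks the map rule an outbound packet would hit and compares the four flows a NAT round trip needs against the tcpdump lines quoted above. It assumes first-match rule order and that a "portmap tcp/udp" rule matches only TCP and UDP; the function names are hypothetical.

```python
import ipaddress
import re

# Map rules from the report's ipnat.conf: (interface, source net, destination net, NAT address, portmap).
# "0/32" stands for the interface's own address; tl0's is taken from the ifconfig output.
RULES = [
    ("gif1", "192.168.1.0/24", "10.0.0.0/8", "14.0.0.6", True),
    ("gif1", "192.168.1.0/24", "10.0.0.0/8", "14.0.0.6", False),
    ("tl0", "192.168.1.0/24", "0.0.0.0/0", "83.103.228.200", True),
    ("tl0", "192.168.1.0/24", "0.0.0.0/0", "83.103.228.200", False),
]

# Capture lines copied from the report, keyed by the interface they were taken on.
CAPTURES = {
    "gif1": [
        "00:13:06.765381 10.10.255.1 > 14.0.0.6: icmp: echo reply seq 901 (ttl 252, id 20723, len 84)",
        "00:13:07.730184 14.0.0.6 > 10.10.255.1: icmp: echo request seq 902 (ttl 254, id 20726, len 84)",
    ],
    "ex0": [
        "00:16:33.724643 192.168.1.49 > 10.10.255.1: icmp: echo request seq 1108 (ttl 255, id 21679, len 84)",
        "00:16:34.725537 192.168.1.49 > 10.10.255.1: icmp: echo request seq 1109 (ttl 255, id 21683, len 84)",
        "00:16:35.725414 192.168.1.49 > 10.10.255.1: icmp: echo request seq 1110 (ttl 255, id 21686, len 84)",
    ],
}
ICMP_LINE = re.compile(r"(\S+) > (\S+): icmp: echo (request|reply)")

def select_rule(ifname, src, dst, proto):
    """Return (rule index, NAT address) of the first matching map rule, or None."""
    for idx, (rif, rsrc, rdst, nat, portmap) in enumerate(RULES):
        if rif != ifname or (portmap and proto not in ("tcp", "udp")):
            continue  # assumed: a "portmap tcp/udp" rule only matches TCP and UDP
        if (ipaddress.ip_address(src) in ipaddress.ip_network(rsrc)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(rdst)):
            return idx, nat
    return None

def seen_flows(captures):
    """Parse tcpdump ICMP echo lines into a set of (interface, src, dst, kind)."""
    hits = ((ifname, ICMP_LINE.search(line)) for ifname, lines in captures.items() for line in lines)
    return {(ifname, *m.groups()) for ifname, m in hits if m}

def missing_flows(client, target, inside_if="ex0", outside_if="gif1"):
    """Return the flows a working NAT round trip needs that no capture shows."""
    _, nat = select_rule(outside_if, client, target, "icmp")
    expected = {
        (inside_if, client, target, "request"), (outside_if, nat, target, "request"),
        (outside_if, target, nat, "reply"), (inside_if, target, client, "reply"),
    }
    return expected - seen_flows(CAPTURES)
```

Calling missing_flows("192.168.1.49", "10.10.255.1") leaves only the reply on ex0, which matches the symptom described in the report: the reply reaches gif1 addressed to 14.0.0.6 but is never seen leaving ex0 for 192.168.1.49.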