Subject: bin/29339: ipf 4.1.5's ipnat(8) doesn't properly list some NAT rules
To: None <gnats-admin@netbsd.org, netbsd-bugs@netbsd.org>
From: None <gcw@primenet.com.au>
List: netbsd-bugs
Date: 02/12/2005 06:08:00
>Number: 29339
>Category: bin
>Synopsis: ipnat(8) in ipf 4.1.5 doesn't properly list some types of NAT rules
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: bin-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sat Feb 12 06:08:00 +0000 2005
>Originator: Geoff C. Wing
>Release: NetBSD 2.99.15 (2005-02-10)
>Organization:
>Environment:
System: NetBSD g.primenet.com.au 2.99.15 NetBSD 2.99.15 (G) #0: Fri Feb 11 14:38:05 EST 2005 gcw@g.primenet.com.au:/usr/netbsd/src/sys/arch/i386/compile/G i386
Architecture: i386
Machine: i386
>Description:
Certain NAT rules aren't listed by ipnat(8) properly though they
function correctly.

e.g. the following two rules allow an MSWindows L2TP connection past
my NAT'ing NetBSD box:

	map pppoe0 192.168.1.0/24 -> 0.0.0.0/32 proxy port isakmp ipsec/udp
	map pppoe0 from 192.168.1.0/24 port = 4500 to any -> 0.0.0.0/32

but "ipnat -l" says

	map pppoe0 192.168.1.0/24 -> 0.0.0.0/32 proxy port isakmp ipsec/udp
	map pppoe0 from 192.168.1.0/24 to any -> 0.0.0.0/32

Note the "port = 4500" part is missing.
>How-To-Repeat:
See above.
>Fix:
? (haven't looked)