Subject: Odd problem with ipnat and redirects...
To: None <tech-net@netbsd.org>
From: None <gnn@nominum.com>
List: tech-net
Date: 03/29/2004 16:51:23
Hi,

	I'm working on a product that uses NetBSD 1.6.2 to do a
	transparent tcp proxy through a program.  The box has two
	interfaces, (the idea is to load balance, and no it's not my
	idea, so don't blame me, I'm just debugging this thing) and
	everything is fine on the first interface but on the second
	interface SYNs that hit the filter are replied to with a
	source address of 127.0.0.1.  The filter rules are pretty
	simple:

rdr bge0 0.0.0.0/0 port domain -> 127.0.0.1 port domainproxy tcp
rdr bge1 0.0.0.0/0 port domain -> 127.0.0.1 port domainproxy tcp

	The ipnat is seeing the connection attempts:

# /usr/sbin/ipnat -l
List of active MAP/Redirect filters:
rdr bge0 0.0.0.0/0 port 53 -> 127.0.0.1 port 553 tcp
rdr bge1 0.0.0.0/0 port 53 -> 127.0.0.1 port 553 tcp

List of active sessions:
RDR 127.0.0.1       553   <- -> 140.174.164.2   53    [128.177.197.99 64940]
RDR 127.0.0.1       553   <- -> 140.174.164.2   53    [128.177.197.99 64941]
RDR 127.0.0.1       553   <- -> 140.174.164.2   53    [128.177.197.35 50994]
RDR 127.0.0.1       553   <- -> 140.174.164.2   53    [128.177.197.35 50995]
RDR 127.0.0.1       553   <- -> 140.174.164.2   53    [128.177.197.35 50996]

	but the program, which is managed by inetd, is never started.
	A packet trace shows this:

01:33:51.543687 128.177.197.99.64939 > 140.174.164.2.53: S 3061185575:3061185575(0) win 16384 <mss 1460,nop,wscale 0,nop,nop,timestamp 0 0>
01:33:51.547568 127.0.0.1.553 > 128.177.197.99.64939: S 1729469350:1729469350(0) ack 3061185576 win 16384 <mss 1460,nop,wscale 0,nop,nop,timestamp 0 0>
01:33:54.545922 127.0.0.1.553 > 128.177.197.99.64939: S 1729469350:1729469350(0) ack 3061185576 win 16384 <mss 1460,nop,wscale 0,nop,nop,timestamp 6 0>

	And the routes are like this:

default            128.177.197.13     UGS         2     3019      -  bge0
81.200.64.181      128.177.197.14     UGHD        1       69      -  bge0
127                127.0.0.1          UGRS        0        0  33220  lo0
127.0.0.1          127.0.0.1          UH          1      218  33220  lo0
128.177.197/28     link#1             UC          4        0      -  bge0
128.177.197.64/28  link#2             UC          2        0      -  bge1

	Any thoughts?  I scoured google to no avail, and have yet to
	try to read through the filter hook code.

Thanks,
George
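The symptom above (a SYN-ACK leaving with the redirect target 127.0.0.1 as its source instead of the address the client actually sent its SYN to) is easy to miss in a long trace. The following script is an added example, not code from the poster or from the NetBSD/ipnat project: it parses tcpdump-style lines in the format shown in the post, pairs each SYN with the SYN-ACK sent back to that client socket, and flags any reply whose source does not match the SYN's original destination, noting when that source is a loopback address. The trace embedded in it is constructed to mirror the post (the first three lines) plus one clean exchange (the 10.0.0.5 lines) for contrast; the line layout it expects (`ts src.sport > dst.dport: flags ...`) is an assumption based on the post's output.

```python
import re
from ipaddress import ip_address

# Constructed sample trace. Lines 1-3 reproduce the post's symptom: the
# SYN goes to 140.174.164.2:53 but the SYN-ACK comes back from 127.0.0.1:553.
# Lines 4-5 are a constructed, correctly translated exchange for contrast.
TRACE = """\
01:33:51.543687 128.177.197.99.64939 > 140.174.164.2.53: S 3061185575:3061185575(0) win 16384 <mss 1460>
01:33:51.547568 127.0.0.1.553 > 128.177.197.99.64939: S 1729469350:1729469350(0) ack 3061185576 win 16384 <mss 1460>
01:33:54.545922 127.0.0.1.553 > 128.177.197.99.64939: S 1729469350:1729469350(0) ack 3061185576 win 16384 <mss 1460>
01:34:02.000000 10.0.0.5.40000 > 140.174.164.2.53: S 100:100(0) win 16384 <mss 1460>
01:34:02.001000 140.174.164.2.53 > 10.0.0.5.40000: S 200:200(0) ack 101 win 16384 <mss 1460>
"""

# Assumed line shape: "<ts> <src>.<sport> > <dst>.<dport>: <flags> <rest>".
# The greedy [\d.]+ backtracks so the last dotted component becomes the port.
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>[\d.]+)\.(?P<sport>\d+)\s+>\s+"
    r"(?P<dst>[\d.]+)\.(?P<dport>\d+):\s+(?P<flags>\S+)\s+(?P<rest>.*)$"
)
ACK_RE = re.compile(r"\back \d+")


def analyze_trace(text):
    """Return a list of SYN-ACKs whose source address/port does not match
    the destination the client originally sent its SYN to."""
    pending = {}   # (client_ip, client_port) -> (server_ip, server_port) from the SYN
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                      # skip anything that is not a TCP line we understand
        f = m.groupdict()
        is_syn = "S" in f["flags"]
        is_ack = ACK_RE.search(f["rest"]) is not None
        if is_syn and not is_ack:
            # Pure SYN: remember where this client socket was trying to connect.
            pending[(f["src"], int(f["sport"]))] = (f["dst"], int(f["dport"]))
        elif is_syn and is_ack:
            # SYN-ACK: the reply should come from the address the SYN was sent to.
            client = (f["dst"], int(f["dport"]))
            expected = pending.get(client)
            if expected is None:
                continue                  # no matching SYN seen in this trace
            actual = (f["src"], int(f["sport"]))
            if actual != expected:
                findings.append({
                    "ts": f["ts"],
                    "client": client,
                    "expected": expected,
                    "actual": actual,
                    # A loopback source on the wire means the redirect was applied
                    # inbound but never reversed on the outbound reply.
                    "loopback_source": ip_address(actual[0]).is_loopback,
                })
    return findings


def describe(findings):
    """Human-readable one-liners for each un-reversed reply."""
    out = []
    for x in findings:
        kind = "loopback" if x["loopback_source"] else "other"
        out.append("%s reply to %s:%d from %s:%d, expected %s:%d (%s source)" % (
            x["ts"], x["client"][0], x["client"][1],
            x["actual"][0], x["actual"][1],
            x["expected"][0], x["expected"][1], kind))
    return out


if __name__ == "__main__":
    for line in describe(analyze_trace(TRACE)):
        print(line)
```

Run against a real capture by reading the file into `analyze_trace` instead of `TRACE`; every SYN-ACK reported with a loopback source is a reply the redirect rule rewrote on the way in but that was not translated back on the way out, which is exactly what distinguishes the bge1 path in the post from the working bge0 one.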