Date:      Tue, 14 Jul 2009 23:55:34 +0300
From:      Dmitriy Demidov <dima_bsd@inbox.lv>
To:        freebsd-ipfw@freebsd.org
Subject:   ipfw nat and localy initiated UDP traffic
Message-ID:  <200907142355.34973.dima_bsd@inbox.lv>

Hi list.

I have a problem with ipfw nat. It makes me crazy (I really have no idea how 
to troubleshoot this problem). Looks like ipfw nat does not pass locally 
initiated UDP traffic through itself! Is there any hint that I do not know about 
ipfw nat? Any clue please :(


ipfw configuration:
(fxp0 is the local network, and em0 is the ISP side)
===
add allow ip from any to any via fxp0
add allow udp from any 68 to any 67
add allow udp from any 67 to any 68
nat 1 config log if em0 reset same_ports deny_in
add nat 1 all from any to any via em0
===


When I start nslookup and do a query from the NAT machine, I get:
===
(tcpdump on em0)

23:24:10.591959 IP (tos 0x0, ttl 64, id 2646, offset 0, flags [none], proto UDP (17), length 64) 87.110.118.70.52697 > 91.198.156.20.53: 58731+ A? forums.freebsd.org. (36)
23:24:15.591009 IP (tos 0x0, ttl 64, id 2647, offset 0, flags [none], proto UDP (17), length 64) 87.110.118.70.52697 > 91.198.156.20.53: 58731+ A? forums.freebsd.org. (36)
23:24:20.591563 IP (tos 0x0, ttl 64, id 2674, offset 0, flags [none], proto UDP (17), length 64) 87.110.118.70.52697 > 91.198.156.20.53: 58731+ A? forums.freebsd.org. (36)

(nslookup)
> server
Default server: 91.198.156.20
Address: 91.198.156.20#53
> forums.freebsd.org.
;; connection timed out; no servers could be reached
===


At the same time, if I make a query from a machine that is in the 192.168.1.0/24 
network (behind nat) I get the correct result:
===
(tcpdump on em0)

23:24:59.360796 IP (tos 0x0, ttl 63, id 581, offset 0, flags [none], proto UDP (17), length 64) 87.110.118.70.61735 > 91.198.156.20.53: 16871+ A? forums.freebsd.org. (36)
23:25:01.052611 IP (tos 0x0, ttl 60, id 49380, offset 0, flags [none], proto UDP (17), length 224) 91.198.156.20.53 > 87.110.118.70.61735: 16871 2/3/3 forums.freebsd.org. CNAME[|domain]

(nslookup)
> server
Default server: 91.198.156.20
Address: 91.198.156.20#53
> forums.freebsd.org.
Server:         91.198.156.20
Address:        91.198.156.20#53

Non-authoritative answer:
forums.freebsd.org      canonical name = freebsd-forums.liquidneon.com.
Name:   freebsd-forums.liquidneon.com
Address: 149.20.54.209

===


On the NAT machine I'm using FreeBSD 7.2-STABLE (FreeBSD 7.2-STABLE #0: Wed Jun 24 12:59:06 EEST 2009 i386).

GENERIC kernel with extra options:
===
options         IPFIREWALL 
options         IPFIREWALL_VERBOSE
options         IPFIREWALL_VERBOSE_LIMIT=10
options         IPFIREWALL_NAT
options         LIBALIAS
options         DUMMYNET
options         HZ="1000"
device          vlan
===



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200907142355.34973.dima_bsd>
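The two tcpdump captures in the mail already contain the evidence: the queries sent from the NAT box itself are retransmitted three times with no reply, while the query forwarded from the 192.168.1.0/24 host gets its answer. The following script is an added example, not code from the original post or from FreeBSD; it parses `tcpdump -v` lines of the kind shown above, pairs each outbound DNS query with its reply by (client, client port, server, server port, transaction id), and reports flows that were never answered. The "origin" tag uses a heuristic that is an assumption of this example: a packet leaving em0 with TTL 64 (the FreeBSD default) was generated on the NAT host, a lower TTL means it was forwarded from behind the NAT. The sample capture is constructed from the lines in the mail, re-joined onto one line each.

```python
"""Correlate outbound DNS queries with replies in tcpdump text output.

Added example, not code from the original post or from FreeBSD. It reads
'tcpdump -v' lines like the ones in the mail and reports queries that never
got a reply, so a NAT problem like the one described shows up as a list of
unanswered (client, cport, server, sport, txid) tuples instead of a silent
nslookup timeout.
"""
import re
from collections import OrderedDict

# Constructed sample: the five tcpdump lines from the mail, one per line.
SAMPLE_CAPTURE = """\
23:24:10.591959 IP (tos 0x0, ttl 64, id 2646, offset 0, flags [none], proto UDP (17), length 64) 87.110.118.70.52697 > 91.198.156.20.53: 58731+ A? forums.freebsd.org. (36)
23:24:15.591009 IP (tos 0x0, ttl 64, id 2647, offset 0, flags [none], proto UDP (17), length 64) 87.110.118.70.52697 > 91.198.156.20.53: 58731+ A? forums.freebsd.org. (36)
23:24:20.591563 IP (tos 0x0, ttl 64, id 2674, offset 0, flags [none], proto UDP (17), length 64) 87.110.118.70.52697 > 91.198.156.20.53: 58731+ A? forums.freebsd.org. (36)
23:24:59.360796 IP (tos 0x0, ttl 63, id 581, offset 0, flags [none], proto UDP (17), length 64) 87.110.118.70.61735 > 91.198.156.20.53: 16871+ A? forums.freebsd.org. (36)
23:25:01.052611 IP (tos 0x0, ttl 60, id 49380, offset 0, flags [none], proto UDP (17), length 224) 91.198.156.20.53 > 87.110.118.70.61735: 16871 2/3/3 forums.freebsd.org. CNAME[|domain]
"""

# tcpdump -v layout: timestamp, IP header summary in parentheses, then
# "src.sport > dst.dport: txid[flags] <question or answer counts> ..."
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+) IP \(.*?ttl (?P<ttl>\d+),.*?\) "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): "
    r"(?P<txid>\d+)(?P<flags>[+*$|-]*) (?P<rest>.*)$"
)

# Assumption of this example: the FreeBSD default IP TTL, used as a heuristic
# to tell locally generated packets (TTL untouched) from forwarded ones.
DEFAULT_TTL = 64


def parse_line(line):
    """Return a dict for one tcpdump DNS line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    for k in ("ttl", "sport", "dport", "txid"):
        rec[k] = int(rec[k])
    # A query carries a question such as "A?" right after the txid; a reply
    # carries the answer/authority/additional counts (e.g. "2/3/3") instead.
    rec["is_query"] = rec["rest"].split(" ", 1)[0].endswith("?")
    return rec


def correlate(capture_text, server_port=53):
    """Group queries by (client, cport, server, sport, txid) and mark replies.

    Returns an OrderedDict in first-seen order; each value records how many
    times the query was sent, whether a reply was seen, and where the packet
    originated according to the TTL heuristic ("local" or "forwarded").
    """
    flows = OrderedDict()
    for line in capture_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["is_query"] and rec["dport"] == server_port:
            key = (rec["src"], rec["sport"], rec["dst"], rec["dport"], rec["txid"])
            entry = flows.setdefault(key, {
                "sent": 0, "answered": False, "first_seen": rec["ts"],
                "origin": "local" if rec["ttl"] == DEFAULT_TTL else "forwarded",
            })
            entry["sent"] += 1  # retransmissions reuse port and txid
        elif not rec["is_query"] and rec["sport"] == server_port:
            # Reply: swap the endpoints to find the matching query.
            key = (rec["dst"], rec["dport"], rec["src"], rec["sport"], rec["txid"])
            if key in flows:
                flows[key]["answered"] = True
    return flows


def unanswered(capture_text):
    """List (key, times_sent, origin) for flows that never got a reply."""
    return [(key, v["sent"], v["origin"])
            for key, v in correlate(capture_text).items() if not v["answered"]]


if __name__ == "__main__":
    for key, sent, origin in unanswered(SAMPLE_CAPTURE):
        client, cport, server, sport, txid = key
        print(f"no reply: {client}:{cport} -> {server}:{sport} txid={txid} "
              f"sent={sent} origin={origin}")
```

Run against the sample it reports exactly one unanswered flow, the one from port 52697 with txid 58731, sent three times and tagged "local"; the forwarded query on port 61735 is answered. Pipe a live `tcpdump -v -n -i em0 udp port 53` into it (or a saved text file) to see whether only host-originated queries go unanswered, which separates an ipfw nat translation problem for local traffic from a general upstream DNS failure.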