From: "Patrick M. Hausen"
Subject: TCP-forwarding with netcat - weird failures ...
Date: Mon, 4 Mar 2019 11:43:20 +0100
To: FreeBSD Net

Hi all,

in a particular customer network we have a world wide VPN with partially overlapping addresses, renumbering impossible due to political reasons, and all the fun you can have in the „enterprise“ environment.
No IPv6 either, newfangled nonsense … :-/

So to access a certain set of services we installed a VMware virtual machine running FreeBSD at the VPN’s central hub and users in subsidiary offices use the IP address and certain ports on this machine which then hands off to the target service that is not reachable from the subsidiary.

Setup is dead simple, just one example:

/etc/services:
    oediv-3243 3243/tcp

/etc/inetd.conf:
    oediv-3243 stream tcp nowait nobody /usr/bin/nc nc 172.20.1.166 3243

The machine has been in service for 10+ years and runs FreeBSD 6.4.

So what’s the problem? The VMware environment that hosts this machine is about to be retired. So I installed a fresh VM with FreeBSD 11.2 plus current VMware-tools and copied the setup. Then we shut down the old machine and booted the new one with identical IP address.

Needless to say: doesn’t work. And no, it’s not the obvious ARP caches.

Connections can be established but then abort spontaneously without an observable pattern or reason.

We already found that more modern netcat/nc needs „-N“ to close the connections on EOF, but besides …

Does anyone know what might have changed that could cause connection problems?

Kind regards,
Patrick
-- 
punkt.de GmbH        Internet - Services - Consulting
Kaiserallee 13a      Tel.: 0721 9109-0 Fax: -100
76133 Karlsruhe      info@punkt.de    http://punkt.de
AG Mannheim 108285   Managing Director: Juergen Egeling
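
An added example, not part of the original message: a loopback model of the inetd + nc relay that shows the one behaviour change the message names, namely whether the relay passes the client's EOF on to the target (what `nc -N` does with shutdown(2)). The target service, the function names and the addresses are constructed for illustration, and the example does not claim to explain the spontaneous aborts.

```python
import socket
import threading

def pump(src, dst, half_close):
    """Copy src -> dst until EOF, then optionally pass the EOF on as a FIN."""
    try:
        while data := src.recv(4096):
            dst.sendall(data)
        if half_close:
            dst.shutdown(socket.SHUT_WR)  # nc -N: shutdown(2) after EOF on input
    except OSError:
        pass  # peer went away or timed out; nothing left to copy

def serve_once(handler):
    """Listen on an ephemeral loopback port, serve one connection, return the address."""
    srv = socket.create_server(("127.0.0.1", 0))
    def run():
        conn, _ = srv.accept()
        with conn:
            handler(conn)
    threading.Thread(target=run, daemon=True).start()
    return srv.getsockname()

def count_until_eof(conn):
    """Constructed target service: it answers only after it has seen the request's EOF."""
    total = 0
    while data := conn.recv(4096):
        total += len(data)
    conn.sendall(b"got %d bytes\n" % total)

def relay_to(target, half_close):  # stands in for the inetd + nc hand-off
    def handler(client):
        with socket.create_connection(target) as upstream:
            t = threading.Thread(target=pump, args=(upstream, client, True), daemon=True)
            t.start()
            pump(client, upstream, half_close)
            t.join(timeout=3)
    return handler

def run_demo(half_close, timeout=1.0):
    """Return the reply the client sees through the relay, or None if it times out."""
    target = serve_once(count_until_eof)
    relay = serve_once(relay_to(target, half_close))
    with socket.create_connection(relay, timeout=timeout) as c:
        c.sendall(b"hello")
        c.shutdown(socket.SHUT_WR)  # client is done sending
        try:
            return c.recv(4096) or None
        except socket.timeout:
            return None
```

With `half_close=True` the client gets its reply; with `half_close=False` the target never sees EOF and the client times out, which is the symptom a relay without `-N` produces against a service that waits for the end of the request.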