From: Bohuslav Plucinsky <plk@in.nextra.sk>
To: freebsd-questions@freebsd.org
Subject: natd and ICMP 3.4 packets
Date: Thu, 12 Jul 2001 10:45:40 +0200
Message-ID: <20010712104540.A23817@in.nextra.sk>
Organization: NEXTRA, Bratislava, SLOVAKIA

Hi there,

I have a strange problem with natd and ICMP 3.4 (destination unreachable /
fragmentation needed) packets.

Situation:

- We have a FreeBSD 4.2-20001228-STABLE box with ipfw and natd configured.
  The xl0 interface has the public address 195.168.x.x; the xl1 interface is
  connected to our intranet with the private address 10.10.1.1.

  ipfw show:

    00100 0 0 allow ip from any to any via lo0
    ...
    09200 0 0 divert 8668 ip from any to any via xl0
    09300 0 0 allow ip from any to any

  natd is running with arguments:

    natd -n xl0

- Behind the FreeBSD box is a Cisco router with a GRE tunnel:

   195.168.x.x  xl0  ---------  xl1  10.10.1.0/24 (MTU 1500)
  ------------------| FreeBSD |-----------------------------------------....
                    | ipfw+NAT|                 |
                     ---------                  | 10.10.1.2
                                            ----------
                                            | CISCO 1 |
                                            ----------
                                                ||
                                                || GRE tunnel (MTU 1476)
                                                ||
                                            ----------
                                            | CISCO 2 |
                                            ----------
                                                | 10.10.20.0/24
                                                |        ----
                                                ---------| PC |
                                                         ----
                                                       10.10.20.2

Problem:

If the Cisco router CISCO 1 sends an ICMP 3.4 packet to any server on the
Internet, natd on the FreeBSD box aliases the data inside the ICMP packet, but
not the IP headers.

Here is tcpdump on the xl1 interface:

  11:56:54.376974 10.10.1.2 > 195.168.3.210: icmp: 10.10.20.2 unreachable - need to frag (mtu 1476)

and on the xl0 interface:

  11:56:55.216974 10.10.1.2 > 195.168.3.210: icmp: 195.168.x.x unreachable - need to frag (mtu 1476)
                  ^^^^^^^^^                        ^^^^^^^^^^^

Is this a bug in natd, or did I make a mistake in the configuration?

Regards,
--
Bohus PLUCINSKY                       e-mail: plk@in.nextra.sk
Network Engineer
N E X T R A
Plynarenska 1                         tel: +421 7 58 228 111
824 71 Bratislava 26                  fax: +421 7 58 228 222
S L O V A K I A                       http://www.nextra.sk
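The half-translated ICMP 3.4 packet the two tcpdump lines describe, as an added Python example that is not part of the original post or of natd: it builds both packets from raw bytes, a check that flags the symptom (quoted destination already aliased while the outer source is still a private address), and what complete aliasing of the same packet would have produced. 198.51.100.1 (TEST-NET-2) is a constructed stand-in for the obscured public address 195.168.x.x; the other addresses are the post's own.

```python
import ipaddress
import struct
# Addresses are the post's own, except 198.51.100.1 (TEST-NET-2), a constructed
# stand-in for the obscured public address 195.168.x.x on xl0.
PUBLIC_ADDR = "198.51.100.1"
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
def is_rfc1918(addr):
    return any(ipaddress.ip_address(addr) in net for net in RFC1918)

def ip_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header; the checksum stays zero, nothing here verifies it."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                       ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)

def icmp_need_frag(router, server, inner_src, inner_dst, mtu):
    """ICMP type 3 code 4 sent by `router` to `server`, quoting the too-large datagram."""
    quoted = ip_header(inner_src, inner_dst, 6, 8) + b"\x00" * 8  # quoted header + 8 bytes
    icmp = struct.pack("!BBHHH", 3, 4, 0, 0, mtu) + quoted        # next-hop MTU (RFC 1191)
    return ip_header(router, server, 1, len(icmp)) + icmp

def parse_icmp_error(pkt):
    """Outer and quoted addresses of an ICMP destination-unreachable packet, or None."""
    if len(pkt) < 48 or pkt[9] != 1 or pkt[20] != 3:
        return None
    addr = lambda b: str(ipaddress.ip_address(bytes(b)))
    return {"outer_src": addr(pkt[12:16]), "outer_dst": addr(pkt[16:20]),
            "code": pkt[21], "mtu": struct.unpack("!H", pkt[26:28])[0],
            "inner_src": addr(pkt[40:44]), "inner_dst": addr(pkt[44:48])}

def alias_outbound(pkt, public=PUBLIC_ADDR):
    """Complete aliasing on the outside interface: rewrite BOTH the private outer
    source and the private destination inside the quoted datagram to `public`."""
    f, p, pub = parse_icmp_error(pkt), bytearray(pkt), ipaddress.ip_address(public).packed
    if f is None:
        return bytes(pkt)
    if is_rfc1918(f["outer_src"]):
        p[12:16] = pub
    if is_rfc1918(f["inner_dst"]):
        p[44:48] = pub
    return bytes(p)

def half_translated(pkt):
    """The symptom in the post: quoted destination aliased, outer source still private."""
    f = parse_icmp_error(pkt)
    return f is not None and is_rfc1918(f["outer_src"]) and not is_rfc1918(f["inner_dst"])

# Constructed from the two tcpdump lines: as seen on xl1 (nothing aliased yet) and on
# xl0 (quoted address aliased to the public address, outer source left unchanged).
ON_XL1 = icmp_need_frag("10.10.1.2", "195.168.3.210", "195.168.3.210", "10.10.20.2", 1476)
ON_XL0 = icmp_need_frag("10.10.1.2", "195.168.3.210", "195.168.3.210", PUBLIC_ADDR, 1476)
```

Running `half_translated` over ICMP type 3 packets captured on the outside interface separates this kind of inconsistency from a plain configuration error, since a packet that was never diverted to natd would still carry the private quoted address as well.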