Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 28 Sep 2006 14:54:12 +0400
From:      Lytochkin Boris <lytboris@gmail.com>
To:        piso@FreeBSD.org
Cc:        tarc@tarc.po.cs.msu.su, net@freebsd.org
Subject:   [ng_nat]bug w/ traceroute?
Message-ID:  <841264397.20060928145412@gmail.com>
Resent-Message-ID: <20060928105414.B68BE43D72@mx1.FreeBSD.org>
next in thread | raw e-mail | index | archive | help 
Hello!

I have a router configured for NAT using ng_nat & ipfw.

>ipfw:
>01050 allow ip from me to any
>01100 netgraph 60 ip from 192.168.90.0/24 to not 192.168.0.0/16 out via rl0
>01101 netgraph 61 ip from any to 193.232.121.245 in via rl0
>01200 allow ip from any to any

>/etc/ngctl.conf:
>mkpeer ipfw: nat 60 out
>name ipfw:60 nat_cars
>connect ipfw: nat_cars: 61 in
>msg nat_cars: setaliasaddr 193.232.121.245

There is a very strange situation on the NAT'ing server:
>traceroute -P icmp -z 500 -w 2 -q 1 194.87.0.50
traceroute to 194.87.0.50 (194.87.0.50), 64 hops max, 60 byte packets
 1  *
 2  *
 3  *
 4  *
 5  *
 6  *
 7  www.ru (194.87.0.50)  14.582 ms

The problem can be eliminated deleting 1101 rule:
>traceroute -P icmp -z 500 -w 2 -q 1 194.87.0.50
traceroute to 194.87.0.50 (194.87.0.50), 64 hops max, 60 byte packets
 1  knogw.phys.msu.ru (193.232.121.129)  2.809 ms
 2  phsw3550.phys.msu.ru (193.232.122.1)  3.959 ms
 3  MSU-PHYS.ATM2-0.122.HQ-R1.msu.net (193.232.127.77)  577.372 ms
 4  CAMPUS-M9.ATM9-0-0.10.CAMPUS.msu.net (193.232.127.82)  9.012 ms
 5  M9-IX-1G.Demos.net (193.232.244.35)  11.258 ms
 6  iki-1-vl10.Demos.net (194.87.0.83)  7.151 ms
 7  www.ru (194.87.0.50)  7.976 ms

NAT using pf or ipfw_natd seems to work properly in this situation.

The problem is reproduced on both my servers and this behaviour can be
seen _only_ on the server: clients that are NATed using this config
can traceroute correctly.

>uname -a
FreeBSD torrent 6.2-PRERELEASE FreeBSD 6.2-PRERELEASE #13: Sat Sep 16 16:16:16 MSD 2006     root@torrent:/usr/obj/usr/src/sys/TORRENT  i386

-- 
Best regards,
 Lytochkin                          mailto:lytboris@gmail.com

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?841264397.20060928145412>