Date: Thu, 28 Sep 2006 14:54:12 +0400
From: Lytochkin Boris
Organization: MSU
Message-ID: <841264397.20060928145412@gmail.com>
To: piso@FreeBSD.org
Cc: tarc@tarc.po.cs.msu.su, net@freebsd.org
Subject: [ng_nat]bug w/ traceroute?
List-Id: Networking and TCP/IP with FreeBSD

Hello!

I have a router configured for NAT using ng_nat & ipfw.

>ipfw:
>01050 allow ip from me to any
>01100 netgraph 60 ip from 192.168.90.0/24 to not 192.168.0.0/16 out via rl0
>01101 netgraph 61 ip from any to 193.232.121.245 in via rl0
>01200 allow ip from any to any

>/etc/ngctl.conf:
>mkpeer ipfw: nat 60 out
>name ipfw:60 nat_cars
>connect ipfw: nat_cars: 61 in
>msg nat_cars: setaliasaddr 193.232.121.245

There is a very strange situation on the NAT'ing server:

>traceroute -P icmp -z 500 -w 2 -q 1 194.87.0.50
traceroute to 194.87.0.50 (194.87.0.50), 64 hops max, 60 byte packets
 1  *
 2  *
 3  *
 4  *
 5  *
 6  *
 7  www.ru (194.87.0.50)  14.582 ms

The problem can be eliminated by deleting the 1101 rule:

>traceroute -P icmp -z 500 -w 2 -q 1 194.87.0.50
traceroute to 194.87.0.50 (194.87.0.50), 64 hops max, 60 byte packets
 1  knogw.phys.msu.ru (193.232.121.129)  2.809 ms
 2  phsw3550.phys.msu.ru (193.232.122.1)  3.959 ms
 3  MSU-PHYS.ATM2-0.122.HQ-R1.msu.net (193.232.127.77)  577.372 ms
 4  CAMPUS-M9.ATM9-0-0.10.CAMPUS.msu.net (193.232.127.82)  9.012 ms
 5  M9-IX-1G.Demos.net (193.232.244.35)  11.258 ms
 6  iki-1-vl10.Demos.net (194.87.0.83)  7.151 ms
 7  www.ru (194.87.0.50)  7.976 ms

NAT using pf or ipfw_natd seems to work properly in this situation.
The problem is reproduced on both my servers and this behaviour can be
seen _only_ on the server: clients that are NATed using this config can
traceroute correctly.

>uname -a
FreeBSD torrent 6.2-PRERELEASE FreeBSD 6.2-PRERELEASE #13: Sat Sep 16 16:16:16 MSD 2006 root@torrent:/usr/obj/usr/src/sys/TORRENT i386

--
Best regards,
Lytochkin
mailto:lytboris@gmail.com