Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 12 Dec 2003 13:42:08 +0100
From:      Eric Masson <e-masson@kisoft-services.com>
To:        Mailing List FreeBSD Network <freebsd-net@FreeBSD.org>
Subject:   FreeBSD, ipnat & timeouts while loading page
Message-ID:  <86r7z9ie0h.fsf@t39bsdems.interne.kisoft-services.com>

next in thread | raw e-mail | index | archive | help
--=-=-=
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit

Hello,

I'm using the following setup :
FreeBSD 4.8-RELEASE-p14 with stock ipfilter 3.4.31
(uname -a attached)

I'm using the following ipnat rules
# Nat rules
map ng0 192.168.10.0/24 -> 0/32 proxy port ftp ftp/tcp
map ng0 192.168.10.0/24 -> 0/32 portmap tcp/udp 10000:24000
map ng0 192.168.10.0/24 -> 0/32

net.inet.ip.forwarding is set to 1.

When I try to browse certain http sites from a box behind this gateway,
name resolution succeeds, connection is opened and then stalls. (tcpdump
of a connection to http://www.architectes.org on gateway external
interface attached)

When directly connected to the internet, the box can access these sites
flawlessly.

The symptoms are the same whether filtering is active or not (ipf.rules
attached if needed)

Google only sent back results talking about bad nic, so swap is the next
thing I'll do but has anyone seen such symptoms .

Regards

Eric Masson

-- 
 où se trouve la boîte aux lettre de Outlook Express ?
 J'en ai besoin pour configurer mon modem Olitec smart memory, lorsqu'il
 daignera fonctionner correctement !!
 -+- DV in : Guide du Neuneu Usenetien - Tout est dans tout... -+-

--=-=-=
Content-Type: application/octet-stream
Content-Disposition: attachment; filename=ipnat.rules

# Nat rules
map ng0 192.168.10.0/24 -> 0/32 proxy port ftp ftp/tcp
map ng0 192.168.10.0/24 -> 0/32 portmap tcp/udp 10000:24000
map ng0 192.168.10.0/24 -> 0/32

--=-=-=
Content-Type: application/octet-stream
Content-Disposition: attachment; filename=ipf.rules
Content-Transfer-Encoding: base64

IyBCbG9jayBtYWxmb3JtZWQgcGFja2V0cwoKYmxvY2sJaW4gIGxvZyBsZXZlbCBzZWN1cml0
eS5pbmZvCXF1aWNrIGFsbCB3aXRoIG9wdCBsc3JyCmJsb2NrCWluICBsb2cgbGV2ZWwgc2Vj
dXJpdHkuaW5mbwlxdWljayBhbGwgd2l0aCBvcHQgc3NycgpibG9jawlpbiAgbG9nIGxldmVs
IHNlY3VyaXR5LmluZm8JcXVpY2sgYWxsIHdpdGggaXBvcHRzCmJsb2NrCWluICBsb2cgbGV2
ZWwgc2VjdXJpdHkuaW5mbwlxdWljayBwcm90byB0Y3AgYWxsIHdpdGggc2hvcnQKYmxvY2sJ
aW4gIGxvZyBsZXZlbCBzZWN1cml0eS5pbmZvCXF1aWNrIHByb3RvIGljbXAgYWxsIHdpdGgg
ZnJhZwoKIyBObyByZXN0cmljdGlvbnMgb24gbG9vcGJhY2sgaW50ZXJmYWNlCgpwYXNzCWlu
CQkJCXF1aWNrIG9uIGxvMCBhbGwKcGFzcwlvdXQJCQkJcXVpY2sgb24gbG8wIGFsbAoKIyBQ
UFBvRSBzdXBwb3J0IGludGVyZmFjZSBydWxlcyAobm8gaXAgdHJhZmZpYyBhbGxvd2VkIGF0
IGFsbCkKCmJsb2NrCWluCQkJCSAgICAgIG9uIGVkMCBhbGwgaGVhZCAxMApibG9jawlpbgkJ
CQlxdWljayBvbiBlZDAgcHJvdG8gdGNwIGZyb20gYW55IHRvIGFueSAgZ3JvdXAgMTAKYmxv
Y2sJaW4JCQkJcXVpY2sgb24gZWQwIHByb3RvIHVkcCBmcm9tIGFueSB0byBhbnkgIGdyb3Vw
IDEwCmJsb2NrCWluCQkJCXF1aWNrIG9uIGVkMCBwcm90byBpY21wIGZyb20gYW55IHRvIGFu
eSBncm91cCAxMApwYXNzCWluCQkJCSAgICAgIG9uIGVkMCBhbGwgICAgICAgICAgICAgICAg
ICAgICAgICBncm91cCAxMAoKYmxvY2sJb3V0CQkJCSAgICAgIG9uIGVkMCBhbGwgaGVhZCAx
MQpibG9jawlvdXQJCQkJcXVpY2sgb24gZWQwIHByb3RvIHRjcCBmcm9tIGFueSB0byBhbnkg
IGdyb3VwIDExCmJsb2NrCW91dAkJCQlxdWljayBvbiBlZDAgcHJvdG8gdWRwIGZyb20gYW55
IHRvIGFueSAgZ3JvdXAgMTEKYmxvY2sJb3V0CQkJCXF1aWNrIG9uIGVkMCBwcm90byBpY21w
IGZyb20gYW55IHRvIGFueSBncm91cCAxMQpwYXNzCW91dAkJCQkgICAgICBvbiBlZDAgYWxs
ICAgICAgICAgICAgICAgICAgICAgICAgZ3JvdXAgMTEKCiMgSW50ZXJuYWwgaW50ZXJmYWNl
CgpwYXNzCWluCQkJCXF1aWNrIG9uIGRlMCBhbGwKcGFzcwlvdXQJCQkJcXVpY2sgb24gZGUw
IGFsbAoKIyBQUFBvRSBpbnRlcmZhY2UgcnVsZXMKCnBhc3MJCQkJaW4gIGxvZyBsZXZlbCBz
ZWN1cml0eS5pbmZvCXF1aWNrIG9uIG5nMCBwcm90byBpY21wIGZyb20gYW55IHRvIGFueSBp
Y21wLXR5cGUgOCBrZWVwIHN0YXRlCgpibG9jawkJCQlpbgkJCQkJb24gbmcwCQkgIGFsbAkJ
CQloZWFkIDI1CmJsb2NrCQkJCWluIGxvZyBsZXZlbCBzZWN1cml0eS5pbmZvCXF1aWNrCW9u
IG5nMCAgICAgICAgICAgIGZyb20gMTkyLjE2OC4wLjAvMTYJdG8gYW55CWdyb3VwIDI1CmJs
b2NrCQkJCWluIGxvZyBsZXZlbCBzZWN1cml0eS5pbmZvCXF1aWNrCW9uIG5nMCAgICAgICAg
ICAgIGZyb20gMTcyLjE2LjAuMC8xMgl0byBhbnkJZ3JvdXAgMjUKYmxvY2sJCQkJaW4gbG9n
IGxldmVsIHNlY3VyaXR5LmluZm8JcXVpY2sJb24gbmcwICAgICAgICAgICAgZnJvbSAxMjcu
MC4wLjAvOAl0byBhbnkJZ3JvdXAgMjUKYmxvY2sJCQkJaW4gbG9nIGxldmVsIHNlY3VyaXR5
LmluZm8JcXVpY2sJb24gbmcwICAgICAgICAgICAgZnJvbSAxMC4wLjAuMC84CXRvIGFueQln
cm91cCAyNQpibG9jawkJCQlpbiBsb2cgbGV2ZWwgc2VjdXJpdHkuaW5mbwlxdWljawlvbiBu
ZzAgICAgICAgICAgICBmcm9tIDAuMC4wLjAvOAl0byBhbnkJZ3JvdXAgMjUKYmxvY2sJcmV0
dXJuLXJzdAkJaW4gbG9nIGxldmVsIHNlY3VyaXR5LmluZm8gCXF1aWNrCW9uIG5nMCBwcm90
byB0Y3AgIGZyb20gYW55CQl0byBhbnkJZ3JvdXAgMjUKYmxvY2sJcmV0dXJuLWljbXAocG9y
dC11bnIpCWluIGxvZyBsZXZlbCBzZWN1cml0eS5pbmZvIAlxdWljawlvbiBuZzAgcHJvdG8g
dWRwICBmcm9tIGFueQkJdG8gYW55CWdyb3VwIDI1CmJsb2NrCQkJCWluIGxvZyBsZXZlbCBz
ZWN1cml0eS5pbmZvIAlxdWljawlvbiBuZzAJCSAgYWxsCQkJCWdyb3VwIDI1CgpibG9jawlv
dXQJCQkJICAgICAgb24gbmcwIGFsbCBoZWFkIDMwCmJsb2NrCW91dCBsb2cgbGV2ZWwgc2Vj
dXJpdHkuaW5mbwlxdWljayBvbiBuZzAgICAgICAgICAgICBmcm9tIGFueSB0byAxOTIuMTY4
LjAuMC8xNiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGdyb3VwIDMwCmJsb2Nr
CW91dCBsb2cgbGV2ZWwgc2VjdXJpdHkuaW5mbwlxdWljayBvbiBuZzAgICAgICAgICAgICBm
cm9tIGFueSB0byAxNzIuMTYuMC4wLzEyICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgIGdyb3VwIDMwCmJsb2NrCW91dCBsb2cgbGV2ZWwgc2VjdXJpdHkuaW5mbwlxdWljayBv
biBuZzAgICAgICAgICAgICBmcm9tIGFueSB0byAxMjcuMC4wLjAvOCAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgIGdyb3VwIDMwCmJsb2NrCW91dCBsb2cgbGV2ZWwgc2Vj
dXJpdHkuaW5mbwlxdWljayBvbiBuZzAgICAgICAgICAgICBmcm9tIGFueSB0byAxMC4wLjAu
MC84ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGdyb3VwIDMwCmJsb2Nr
CW91dCBsb2cgbGV2ZWwgc2VjdXJpdHkuaW5mbwlxdWljayBvbiBuZzAgICAgICAgICAgICBm
cm9tIGFueSB0byAwLjAuMC4wLzggICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgIGdyb3VwIDMwCnBhc3MJb3V0CQkJCXF1aWNrIG9uIG5nMCBwcm90byB0Y3AgIGZyb20g
YW55IHRvIGFueSBmbGFncyBTL1NBIGtlZXAgc3RhdGUga2VlcCBmcmFncyBncm91cCAzMApw
YXNzCW91dAkJCQlxdWljayBvbiBuZzAgcHJvdG8gdWRwICBmcm9tIGFueSB0byBhbnkgICAg
ICAgICAgICBrZWVwIHN0YXRlICAgICAgICAgICAgZ3JvdXAgMzAKcGFzcwlvdXQJCQkJcXVp
Y2sgb24gbmcwIHByb3RvIGljbXAgZnJvbSBhbnkgdG8gYW55ICAgICAgICAgICAga2VlcCBz
dGF0ZSAgICAgICAgICAgIGdyb3VwIDMwCmJsb2NrCW91dCBsb2cgbGV2ZWwgc2VjdXJpdHku
aW5mbwkgICAgICBvbiBuZzAgYWxsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGdyb3VwIDMwCg==
--=-=-=
Content-Type: application/octet-stream
Content-Disposition: attachment; filename=tcpdump.err
Content-Transfer-Encoding: base64

1MOyoQIABAAAAAAAAAAAAGAAAAAAAAAA1rTYP2M6DgAsAAAALAAAAAIAAABFAAAoNztAAH8G
tmxR+cYjw2UypicSAFAAAY7fTU7snlAEAACxiAAA2bTYP0YIAAAwAAAAMAAAAAIAAABFAAAs
OTtAAH8GtGhR+cYjw2UypicTAFAAAY2iAAAAAGACIAC09wAAAgQFtNm02D/xJAEAMAAAADAA
AAACAAAARQAALFrpQAB3Bpq6w2UyplH5xiMAUCcTttVGqgABjaNgEv//12YAAAIEBbTZtNg/
IiYBACwAAAAsAAAAAgAAAEUAACg6O0AAfwazbFH5xiPDZTKmJxMAUAABjaO21UarUBAiOMzr
AADZtNg/0CgBAGAAAAB1AQAAAgAAAEUAAXE7O0AAfwaxI1H5xiPDZTKmJxMAUAABjaO21Uar
UBgiOA98AABHRVQgLyBIVFRQLzEuMQ0KQWNjZXB0OiBhcHBsaWNhdGlvbi92bmQubXMtZXhj
ZWwsIGFw3LTYP7UjAQBgAAAAdQEAAAIAAABFAAFxPTtAAH8GryNR+cYjw2UypicTAFAAAY2j
ttVGq1AYIjgPfAAAR0VUIC8gSFRUUC8xLjENCkFjY2VwdDogYXBwbGljYXRpb24vdm5kLm1z
LWV4Y2VsLCBhcNy02D+DhAIALAAAACwAAAACAAAARQAAKFtHQAB3Bppgw2UyplH5xiMAUCcT
ttVSEwABjuxQEP6247sAAA==
--=-=-=
Content-Disposition: attachment; filename=uname.txt

FreeBSD rtrbsddupwan.dupont.lan 4.8-RELEASE-p14 FreeBSD 4.8-RELEASE-p14 #0: Thu Dec 11 19:08:37 CET 2003     emss@rtrbsddupwan.dupont.lan:/usr/src/sys/compile/FIREWALL  i386

--=-=-=--



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?86r7z9ie0h.fsf>