Date: Thu, 06 Apr 2000 23:14:20 -0400 (EDT)
From: Mike Heffner
To: cjclark@home.com
Cc: FreeBSD-ipfw
Subject: Re: Problems with natd
In-Reply-To: <20000406182957.E4198@cc942873-a.ewndsr1.nj.home.com>

On 06-Apr-2000 Crist J. Clark wrote:
| Feel free to ...

[snip]

Well, I have examined the problem some more, and well, haven't achieved much other than to confuse myself more...

_With_ natd running and divert ipfw rule: the packets seem to be going out the line fine and were reaching your host, because I was getting the ICMP "admin blocked..." off of the auth port. But, when I try 25, 23, whatever, there are no response packets at all, it will just keep sending SYNs.

_Without_ natd running and without divert rule: I still get the ICMP packets off of auth, like expected, but I'm ALSO able to connect to 23, 25,..., and get a response (i.e. everything works just like it should).

It seems that FBSD sets the IP "type of service" field now, compared to about 2 months ago when it was never used. My box was setting it to 0x10, is there a reason that it is now used? This doesn't seem to matter though, because it's set with and without natd running.

Hrm, this is all very strange because it looks like the packets are arriving at a host (since your host was sending the ICMP admin blocked stuff) but for some reason UDP and TCP replies aren't coming back. At first I thought maybe natd was somehow dropping the incoming packets, but I've logged everything coming in _before_ diverting to natd and the packets still aren't there. I have even put printf's in ipfw kernel code to see if maybe the packets were being silently dropped in ipfw before it checks the rules, but they still don't appear.

Anyone have any other approach to the problem I can attempt?

/****************************************
 * Mike Heffner                         *
 * Fredericksburg, VA    ICQ# 882073    *
 * Sent at: 06-Apr-2000 -- 22:39:01 EST *
 * http://my.ispchannel.com/~mheffner   *
 ****************************************/