Date: Fri, 1 Oct 2004 08:18:07 +0000
From: "Mikhail P." <miha@ghuug.org>
To: Juhani Tali <juhani@kernel.ee>
Cc: freebsd-net@freebsd.org
Subject: Re: confusion with natd
Message-ID: <200410010818.07826.miha@ghuug.org>
In-Reply-To: <415D0977.4000006@kernel.ee>
References: <200410010543.42789.miha@ghuug.org> <200410010711.24829.miha@ghuug.org> <415D0977.4000006@kernel.ee>

On Friday 01 October 2004 07:38, Juhani Tali wrote:
> ----
> ipfw add 4 divert 8568 ip from 192.168.0.3 to any out xmit tun0
> ipfw add 6 divert 8568 ip from any to any in recv tun0
> ----
>
> replace these with
> ipfw add 4 divert 8568 ip from 192.168.0.3 to any
> prior to this rule the packet was not destined to go out through tun0
> but rl1, so the (xmit tun0) condition does not match.

I see your point, and I tried the suggested ipfw rules, but I'm still unable to
get it working.

What I ended up with now (with the above ipfw rules applied) - e.g. I ping
"216.239.37.99" (Google's IP) from 192.168.0.3, the 4th ipfw rule matches
(see below), however pings don't get back and no traffic passes through tun0
(as supposed), instead the packet travels via rl0 and then rl1:

core# ipfw show
00004 55 3923 divert 8568 ip from 192.168.0.3 to any
00006 0 0 divert 8568 ip from any to any in recv tun0
00010 809517 109015055 divert 8668 ip from 192.168.0.0/24 to any out xmit rl1
00010 804261 407529807 divert 8668 ip from any to 192.168.254.1 in recv rl1
65535 3304709 1040001522 allow ip from any to any
core#

core# tcpdump -n -i rl0 host 216.239.37.99
tcpdump: listening on rl0
08:00:25.829749 192.168.0.3 > 216.239.37.99: icmp: echo request
08:00:26.839735 192.168.0.3 > 216.239.37.99: icmp: echo request
08:00:27.849675 192.168.0.3 > 216.239.37.99: icmp: echo request
^C
100 packets received by filter
0 packets dropped by kernel
core#

core# tcpdump -n -i rl1 host 216.239.37.99
tcpdump: listening on rl1
08:00:37.949283 192.168.10.2 > 216.239.37.99: icmp: echo request
08:00:38.959154 192.168.10.2 > 216.239.37.99: icmp: echo request
08:00:39.969102 192.168.10.2 > 216.239.37.99: icmp: echo request
08:00:40.979069 192.168.10.2 > 216.239.37.99: icmp: echo request
^C
57 packets received by filter
0 packets dropped by kernel
core#

core# netstat -nr|grep tun0
192.168.10.1 192.168.10.2 UH 0 49 tun0
core# ps ax | grep nat|grep tun0
52578 ?? Ss 0:00.51 natd -port 8568 -interface tun0
core#

core# netstat -nr|grep tun0
192.168.10.1 192.168.10.2 UH 0 49 tun0

and tcpdump on tun0 shows nothing.

Basically we got back to the point where we all started - I can ping the remote
party (HOST_B) from 192.168.0.x, but no further. Some piece in this mosaic is
probably missing..

Launched ping from 192.168.0.3 to 192.168.10.1:

core# tcpdump -n -i tun0
tcpdump: listening on tun0
08:14:36.959198 192.168.10.1 > 192.168.10.2: icmp: echo reply
08:14:37.711774 192.168.10.2 > 192.168.10.1: icmp: echo request
^C
3 packets received by filter
0 packets dropped by kernel
core#

> Juhani Tali

regards,
M.