From: John
Date: Mon, 31 Jan 2000 12:14:11 -0500
To: freebsd-questions@freebsd.org
Subject: NATD/Divert broken ?
Message-Id: <4.1.20000131120328.009749c0@mail.udel.edu>

Hey all,

I'm having a small problem with my NATD and my firewall. Per the instructions in "The Complete FreeBSD", I added the firewall rule:

    divert natd ip from any to any via fxp1

The problem is that this rule is causing partial problems on my loopback device (lo0). What happens is that with the rule in place, for some connections within the box (which definitely go thru lo0), the connections fail. If I remove that rule, then the connections within the box can be made, but then I lose all ability to host my internal 192.168. net.

I have done tcpdumps of both the successful and unsuccessful connections and have pasted them below. If the actual tcpdump files would be useful, I can attach those to a subsequent email.

Also, I'm currently running 3.3 and am suffering from NO other apparent problems with lo0 that I can tell. tcpdumps are below.

Thanks in advance,
John

****** Failed connection, with divert rule in place: ******

12:01:10.744362 merlin.wondermutt.net.3482 > merlin.wondermutt.net.39536: S 1027967984:1027967984(0) win 16384 (DF)
12:01:13.303793 merlin.wondermutt.net.3482 > merlin.wondermutt.net.39536: S 1027967984:1027967984(0) win 16384 (DF)
12:01:19.303910 merlin.wondermutt.net.3482 > merlin.wondermutt.net.39536: S 1027967984:1027967984(0) win 16384 (DF)

****** Successful connection, with rule removed: ******

11:54:38.896272 merlin.wondermutt.net.3478 > merlin.wondermutt.net.3477: S 952881636:952881636(0) win 16384 (DF)
11:54:38.896481 merlin.wondermutt.net.3477 > merlin.wondermutt.net.3478: S 952969582:952969582(0) ack 952881637 win 57344 (DF)
11:54:38.896614 merlin.wondermutt.net.3478 > merlin.wondermutt.net.3477: . ack 1 win 57344 (DF)
11:54:41.197580 merlin.wondermutt.net.3478 > merlin.wondermutt.net.3477: P 1:8(7) ack 1 win 57344 (DF)
11:54:41.199426 merlin.wondermutt.net.3477 > merlin.wondermutt.net.3478: . ack 8 win 57344 (DF)
11:54:43.316179 merlin.wondermutt.net.3477 > merlin.wondermutt.net.3478: P 1:8(7) ack 8 win 57344 (DF)
11:54:43.399627 merlin.wondermutt.net.3478 > merlin.wondermutt.net.3477: . ack 8 win 57344 (DF)
11:55:02.390061 merlin.wondermutt.net.3477 > merlin.wondermutt.net.3478: F 23:23(0) ack 22 win 57344 (DF)
11:55:02.390224 merlin.wondermutt.net.3478 > merlin.wondermutt.net.3477: . ack 24 win 57344 (DF)
11:55:02.393047 merlin.wondermutt.net.3478 > merlin.wondermutt.net.3477: F 22:22(0) ack 24 win 57344 (DF)
11:55:02.393168 merlin.wondermutt.net.3477 > merlin.wondermutt.net.3478: . ack 23 win 57344 (DF)
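
Added example, not part of John's message: a Python script that reads old-style tcpdump text like the two captures above and reports, per connection, whether the initial SYN ever got a SYN+ACK acknowledging its sequence number. The sample lines are copied from the captures; the names FAILED, SUCCESS, LINE and classify are this example's own.

```python
import re
from collections import defaultdict

# Constructed input: lines copied from the two captures in the message above.
FAILED = """\
12:01:10.744362 merlin.wondermutt.net.3482 > merlin.wondermutt.net.39536: S 1027967984:1027967984(0) win 16384 (DF)
12:01:13.303793 merlin.wondermutt.net.3482 > merlin.wondermutt.net.39536: S 1027967984:1027967984(0) win 16384 (DF)
12:01:19.303910 merlin.wondermutt.net.3482 > merlin.wondermutt.net.39536: S 1027967984:1027967984(0) win 16384 (DF)
"""
SUCCESS = """\
11:54:38.896272 merlin.wondermutt.net.3478 > merlin.wondermutt.net.3477: S 952881636:952881636(0) win 16384 (DF)
11:54:38.896481 merlin.wondermutt.net.3477 > merlin.wondermutt.net.3478: S 952969582:952969582(0) ack 952881637 win 57344 (DF)
11:54:38.896614 merlin.wondermutt.net.3478 > merlin.wondermutt.net.3477: . ack 1 win 57344 (DF)
"""

# Old-style tcpdump TCP line: time src > dst: flags [seq:end(len)] [ack N] ...
LINE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+ (?P<src>\S+) > (?P<dst>\S+): (?P<flags>[SFPR.]+) "
    r"(?:(?P<seq>\d+):\d+\(\d+\) )?(?:ack (?P<ack>\d+))?"
)

def classify(capture):
    """Map each (client, server) pair to ("answered" | "unanswered", SYN count)."""
    syns = defaultdict(list)  # (client, server) -> sequence numbers of bare SYNs
    synacks = set()           # (client, server, client ISN being acknowledged)
    for line in capture.splitlines():
        m = LINE.match(line.strip())
        if not m or "S" not in m["flags"] or m["seq"] is None:
            continue  # not a SYN or SYN+ACK segment
        if m["ack"] is None:
            syns[(m["src"], m["dst"])].append(int(m["seq"]))
        else:
            # A SYN+ACK travels server -> client and acknowledges ISN + 1.
            synacks.add((m["dst"], m["src"], int(m["ack"]) - 1))
    result = {}
    for (client, server), seqs in syns.items():
        ok = any((client, server, s) in synacks for s in seqs)
        result[(client, server)] = ("answered" if ok else "unanswered", len(seqs))
    return result

if __name__ == "__main__":
    for name, cap in (("with divert rule", FAILED), ("rule removed", SUCCESS)):
        for (client, server), (state, count) in classify(cap).items():
            print(f"{name}: {client} -> {server}: {state} after {count} SYN(s)")
```

A count above 1 with the same sequence number, as in the first capture, is the client retransmitting a SYN that never received a reply.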