Date: Fri, 15 Feb 2008 08:20:16 -0500 From: Stephen Clark <Stephen.Clark@seclark.us> To: freebsd-net@freebsd.org Subject: 6.1 strange gre behavior Message-ID: <47B59190.3090403@seclark.us>
next in thread | raw e-mail | index | archive | help
Hello List,
Has anybody ever tried to use either ipf or ipfw to redirect packets
coming off of a gre interface?
When I try it I get the the packet repeated multiple times on the
destination interface. I have tried it
with both ipf and ipfw/natd with the same results.
I have packets coming in the gre interface to a local ip address that I
am trying to redirect to an ip that exist out on a network
off a different interface.
This is my ipnat redirect rule:
rdr gre3 65.162.182.41/32 port 3655 -> 172.18.26.8 port 3655 tcp/udp
This is from the source end of the gre tunnel:
sclark# hping -S -c 1 -p 3655 65.162.182.41
HPING 65.162.182.41 (vr0 65.162.182.41): S set, 40 headers + 0 data bytes
--- 65.162.182.41 hping statistic ---
1 packets tramitted, 0 packets received, 100% packet loss
round-trip min/avg/max = 0.0/0.0/0.0 ms
This is a tcpdump on the destination of the gre tunnel:
[root@J301002 ~]# tcpdump -nlvi gre3
tcpdump: listening on gre3, link-type NULL (BSD loopback), capture size
96 bytes
08:17:01.561045 IP (tos 0x0, ttl 64, id 35844, offset 0, flags [none],
proto: TCP (6), length: 40) 192.168.11.1.2495 > 65.162.182.41.3655: S,
cksum 0x62e2 (correct), 221136318:221136318(0) win 512
08:17:01.561498 IP (tos 0x0, ttl 64, id 29833, offset 0, flags [none],
proto: ICMP (1), length: 68) 192.168.10.1 > 192.168.11.1: ICMP time
exceeded in-transit, length 48
IP (tos 0x0, ttl 1, id 35844, offset 0, flags [none], proto:
TCP (6), length: 40) 192.168.11.1.2495 > 172.18.26.8.3655: S, cksum
0x9493 (correct), 221136318:221136318(0) win 512
This is a tcpdump of the interface the packet comming from the gre
tunnel is be redirected to - look how many packets there are !!!!!!!:
[root@J301002 ~]# tcpdump -nli rl0 host 172.18.26.8
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on rl0, link-type EN10MB (Ethernet), capture size 96 bytes
08:17:01.561109 IP 192.168.11.1.2495 > 172.18.26.8.3655: S
221136318:221136318(0) win 512
08:17:01.561120 IP 192.168.11.1.2495 > 172.18.26.8.3655: S
221136318:221136318(0) win 512
08:17:01.561127 IP 192.168.11.1.2495 > 172.18.26.8.3655: S
221136318:221136318(0) win 512
08:17:01.561133 IP 192.168.11.1.2495 > 172.18.26.8.3655: S
221136318:221136318(0) win 512
08:17:01.561138 IP 192.168.11.1.2495 > 172.18.26.8.3655: S
221136318:221136318(0) win 512
08:17:01.561144 IP 192.168.11.1.2495 > 172.18.26.8.3655: S
221136318:221136318(0) win 512
08:17:01.561150 IP 192.168.11.1.2495 > 172.18.26.8.3655: S
221136318:221136318(0) win 512
08:17:01.561156 IP 192.168.11.1.2495 > 172.18.26.8.3655: S
221136318:221136318(0) win 512
08:17:01.561161 IP 192.168.11.1.2495 > 172.18.26.8.3655: S
221136318:221136318(0) win 512
08:17:01.561167 IP 192.168.11.1.2495 > 172.18.26.8.3655: S
221136318:221136318(0) win 512
08:17:01.561173 IP 192.168.11.1.2495 > 172.18.26.8.3655: S
221136318:221136318(0) win 512
08:17:01.561178 IP 192.168.11.1.2495 > 172.18.26.8.3655: S
221136318:221136318(0) win 512
08:17:01.561184 IP 192.168.11.1.2495 > 172.18.26.8.3655: S
221136318:221136318(0) win 512
08:17:01.561190 IP 192.168.11.1.2495 > 172.18.26.8.3655: S
221136318:221136318(0) win 512
08:17:01.561195 IP 192.168.11.1.2495 > 172.18.26.8.3655: S
221136318:221136318(0) win 512
08:17:01.561201 IP 192.168.11.1.2495 > 172.18.26.8.3655: S
221136318:221136318(0) win 512
08:17:01.561207 IP 192.168.11.1.2495 > 172.18.26.8.3655: S
221136318:221136318(0) win 512
08:17:01.561213 IP 192.168.11.1.2495 > 172.18.26.8.3655: S
221136318:221136318(0) win 512
08:17:01.561219 IP 192.168.11.1.2495 > 172.18.26.8.3655: S
221136318:221136318(0) win 512
08:17:01.561235 IP 192.168.11.1.2495 > 172.18.26.8.3655: S
221136318:221136318(0) win 512
08:17:01.561241 IP 192.168.11.1.2495 > 172.18.26.8.3655: S
221136318:221136318(0) win 512
08:17:01.561247 IP 192.168.11.1.2495 > 172.18.26.8.3655: S
221136318:221136318(0) win 512
08:17:01.561254 IP 192.168.11.1.2495 > 172.18.26.8.3655: S
221136318:221136318(0) win 512
08:17:01.561259 IP 192.168.11.1.2495 > 172.18.26.8.3655: S
221136318:221136318(0) win 512
08:17:01.561265 IP 192.168.11.1.2495 > 172.18.26.8.3655: S
221136318:221136318(0) win 512
08:17:01.561271 IP 192.168.11.1.2495 > 172.18.26.8.3655: S
221136318:221136318(0) win 512
08:17:01.561277 IP 192.168.11.1.2495 > 172.18.26.8.3655: S
221136318:221136318(0) win 512
08:17:01.561283 IP 192.168.11.1.2495 > 172.18.26.8.3655: S
221136318:221136318(0) win 512
08:17:01.561288 IP 192.168.11.1.2495 > 172.18.26.8.3655: S
221136318:221136318(0) win 512
08:17:01.561294 IP 192.168.11.1.2495 > 172.18.26.8.3655: S
221136318:221136318(0) win 512
08:17:01.561300 IP 192.168.11.1.2495 > 172.18.26.8.3655: S
221136318:221136318(0) win 512
08:17:01.561306 IP 192.168.11.1.2495 > 172.18.26.8.3655: S
221136318:221136318(0) win 512
08:17:01.561312 IP 192.168.11.1.2495 > 172.18.26.8.3655: S
221136318:221136318(0) win 512
08:17:01.561317 IP 192.168.11.1.2495 > 172.18.26.8.3655: S
221136318:221136318(0) win 512
08:17:01.561323 IP 192.168.11.1.2495 > 172.18.26.8.3655: S
221136318:221136318(0) win 512
08:17:01.561329 IP 192.168.11.1.2495 > 172.18.26.8.3655: S
221136318:221136318(0) win 512
08:17:01.561335 IP 192.168.11.1.2495 > 172.18.26.8.3655: S
221136318:221136318(0) win 512
08:17:01.561341 IP 192.168.11.1.2495 > 172.18.26.8.3655: S
221136318:221136318(0) win 512
08:17:01.561347 IP 192.168.11.1.2495 > 172.18.26.8.3655: S
221136318:221136318(0) win 512
08:17:01.561353 IP 192.168.11.1.2495 > 172.18.26.8.3655: S
221136318:221136318(0) win 512
08:17:01.561359 IP 192.168.11.1.2495 > 172.18.26.8.3655: S
221136318:221136318(0) win 512
08:17:01.561364 IP 192.168.11.1.2495 > 172.18.26.8.3655: S
221136318:221136318(0) win 512
08:17:01.561370 IP 192.168.11.1.2495 > 172.18.26.8.3655: S
221136318:221136318(0) win 512
08:17:01.561376 IP 192.168.11.1.2495 > 172.18.26.8.3655: S
221136318:221136318(0) win 512
08:17:01.561381 IP 192.168.11.1.2495 > 172.18.26.8.3655: S
221136318:221136318(0) win 512
08:17:01.561387 IP 192.168.11.1.2495 > 172.18.26.8.3655: S
221136318:221136318(0) win 512
08:17:01.561393 IP 192.168.11.1.2495 > 172.18.26.8.3655: S
221136318:221136318(0) win 512
08:17:01.561399 IP 192.168.11.1.2495 > 172.18.26.8.3655: S
221136318:221136318(0) win 512
08:17:01.561405 IP 192.168.11.1.2495 > 172.18.26.8.3655: S
221136318:221136318(0) win 512
08:17:01.561411 IP 192.168.11.1.2495 > 172.18.26.8.3655: S
221136318:221136318(0) win 512
08:17:01.561417 IP 192.168.11.1.2495 > 172.18.26.8.3655: S
221136318:221136318(0) win 512
08:17:01.561422 IP 192.168.11.1.2495 > 172.18.26.8.3655: S
221136318:221136318(0) win 512
08:17:01.561428 IP 192.168.11.1.2495 > 172.18.26.8.3655: S
221136318:221136318(0) win 512
08:17:01.561434 IP 192.168.11.1.2495 > 172.18.26.8.3655: S
221136318:221136318(0) win 512
08:17:01.561440 IP 192.168.11.1.2495 > 172.18.26.8.3655: S
221136318:221136318(0) win 512
08:17:01.561445 IP 192.168.11.1.2495 > 172.18.26.8.3655: S
221136318:221136318(0) win 512
08:17:01.561451 IP 192.168.11.1.2495 > 172.18.26.8.3655: S
221136318:221136318(0) win 512
08:17:01.561457 IP 192.168.11.1.2495 > 172.18.26.8.3655: S
221136318:221136318(0) win 512
08:17:01.561463 IP 192.168.11.1.2495 > 172.18.26.8.3655: S
221136318:221136318(0) win 512
08:17:01.561469 IP 192.168.11.1.2495 > 172.18.26.8.3655: S
221136318:221136318(0) win 512
08:17:01.561474 IP 192.168.11.1.2495 > 172.18.26.8.3655: S
221136318:221136318(0) win 512
08:17:01.561480 IP 192.168.11.1.2495 > 172.18.26.8.3655: S
221136318:221136318(0) win 512
08:17:01.561486 IP 192.168.11.1.2495 > 172.18.26.8.3655: S
221136318:221136318(0) win 512
Any help or ideas would be greatly appreciated.
Regards,
Steve
--
"They that give up essential liberty to obtain temporary safety,
deserve neither liberty nor safety." (Ben Franklin)
"The course of history shows that as a government grows, liberty
decreases." (Thomas Jefferson)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?47B59190.3090403>