From owner-freebsd-hackers Tue Jan 28 18:20:49 1997
From: Archie Cobbs
Message-Id: <199701290218.SAA21188@bubba.whistle.com>
Subject: Re: ipdivert & masqd
In-Reply-To: <199701251842.SAA11494@awfulhak.demon.co.uk> from Brian Somers at "Jan 25, 97 06:42:20 pm"
To: brian@awfulhak.demon.co.uk (Brian Somers)
Date: Tue, 28 Jan 1997 18:18:24 -0800 (PST)
Cc: hackers@freebsd.org, ari.suutari@ps.carel.fi, cmott@srv.net

> > Can I take it from your recent email to the hackers list that
> > you solved the problem?
>
> Nope - as Ari Suutari wrote to me and said:
> Hi,
>
> About two sockets - you might also need them.
> My first version used also only one socket, but there
> were some cases where kernel packet filtering loop
> avoidance code was confused when incoming and outgoing
> packets were put into same socket. The result was that
> some packets were not diverted which in turn resulted
> in connection failures. With separate sockets for
> incoming and outgoing packets everything works fine.
>
> The idea in natd is that user makes modifications in
> /etc/rc.firewall to set it up. The test script is only
> for testing - you are not expected to use it for anything else.
> (perhaps I should mention this in README file).
>
> Both these main programs are very much alike for obvious
> reasons: all the brains is in the code written by Charles.
>
> Ari S.
>
> On investigation, he's correct. Tcp & udp return setup packets coming into
> the machine with masqd running seem to disappear - masqd sees them, but when
> it injects them back into the divert socket they disappear (the app never
> sees them).
>
> This shows itself when you try to initiate a tcp/udp connection through the
> divert sockets from the machine running masqd.... a timeout occurs. However,
> machines that are having packets forwarded through the masqd machine are fine.
> I'll have a look at the divert code and see if I can come up with anything
> interesting.

Under which version(s) of FreeBSD are you guys having this problem?
I'm trying to track it down...

Thanks,
-Archie

___________________________________________________________________________
Archie Cobbs * Whistle Communications, Inc. * http://www.whistle.com