Date: Fri, 23 Feb 2024 22:39:54 +0100 From: Peter <pmc@citylink.dinoex.sub.org> To: freebsd-net@freebsd.org Subject: libalias defect (PR 269770) Message-ID: <ZdkQqgc3ei318inl@disp.intra.daemon.contact>
next in thread | raw e-mail | index | archive | help
Folks,
after suffering frequent network outages for quite some time, I
finally hunted them down to a libalias issue.
'man 8 natd' suggests this for a port-forward:
For example, the argument
tcp inside1:telnet 6666
means that incoming TCP packets destined for port 6666 on
this machine will be sent to the telnet port on the inside1
machine.
While this may work for TCP, it does not work well for UDP
(evidence is in the PR).
With a static alias IP there are two ways to describe such a
portforward:
(1)
ipfw nat 1 config log same_ports unreg_only ip 203.0.113.1 \
redirect_port udp 192.168.1.12:5006 5006 \
redirect_port tcp 192.168.1.12:5006 5006
(2)
ipfw nat 1 config log same_ports unreg_only ip 203.0.113.1 \
redirect_port udp 192.168.1.12:5007 203.0.113.1:5006 \
redirect_port tcp 192.168.1.12:5007 203.0.113.1:5006
While there seems no obvious difference between both, there is
a difference insofar as (2) appears to work, while (1) does not.
The other difference is that (2) obviousely cannot be used with
a dynamic alias (parameter 'if' instead of 'ip'), so there exists
no working configuration in that case. Therefore I consider this
not just a documentation flaw, but a defect.
cheerio,
PMc
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?ZdkQqgc3ei318inl>