From nobody Fri Feb 23 21:39:54 2024 X-Original-To: freebsd-net@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ThNpk3JYYz5BZSh for ; Fri, 23 Feb 2024 21:45:18 +0000 (UTC) (envelope-from pmc@citylink.dinoex.sub.org) Received: from uucp.dinoex.org (uucp.dinoex.org [IPv6:2a0b:f840::12]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "uucp.dinoex.sub.de", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4ThNpj2dLPz45DR for ; Fri, 23 Feb 2024 21:45:17 +0000 (UTC) (envelope-from pmc@citylink.dinoex.sub.org) Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of pmc@citylink.dinoex.sub.org designates 2a0b:f840::12 as permitted sender) smtp.mailfrom=pmc@citylink.dinoex.sub.org; arc=pass ("uucp.dinoex.org:s=M20221114:i=1") Received: from uucp.dinoex.org (uucp.dinoex.org [IPv6:2a0b:f840:0:0:0:0:0:12]) by uucp.dinoex.org (8.18.1/8.18.1) with ESMTPS id 41NLj53e029437 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO) for ; Fri, 23 Feb 2024 22:45:06 +0100 (CET) (envelope-from pmc@citylink.dinoex.sub.org) ARC-Seal: i=1; a=rsa-sha256; d=uucp.dinoex.org; s=M20221114; t=1708724708; cv=none; b=mxlbTikdlx5Z4T8hTzmzgLQVBWPdW5HhtgoHG/oveq+Tt3JqsAvBo98c/LvNc7oBOt1li2f8xRyb08o3Wf2Ri6+nX3pmpWux5PDfG3q1Slf76hBk7V40BG8ceFCkIPzRsEw0ZXN2+axMIy6gTeK5GIlrww6nOG3Uov4HofDfCcw= ARC-Message-Signature: i=1; a=rsa-sha256; d=uucp.dinoex.org; s=M20221114; t=1708724708; c=relaxed/simple; bh=SkPle80ZeOKeq+3Fr+AUx7c9aQgExDEHOLm5ofOfq9E=; h=Received:Received:Received:Received:X-Authentication-Warning:Date: From:To:Subject:Message-ID:MIME-Version:Content-Type: Content-Disposition:X-Milter:X-Greylist; b=CaYxNJ25MMQz+TavlKu59iuGU3Ky1bpP36+/NV5/QFArQzfiGu9O1F/lF+1aBToOwu38Yg9BK41z7dAukFb7V9XpWRyIUxQERtHM9ByacEkF+b25CUNwOTlFMDw1t81YyO2x0l3rpnkjAuVvA2JzOLTAXHXhhXB8WesyXPjGP2Q= ARC-Authentication-Results: i=1; uucp.dinoex.org X-MDaemon-Deliver-To: Received: (from uucp@localhost) by uucp.dinoex.org (8.18.1/8.18.1/Submit) with UUCP id 41NLj5iH029436 for freebsd-net@freebsd.org; Fri, 23 Feb 2024 22:45:05 +0100 (CET) (envelope-from pmc@citylink.dinoex.sub.org) Received: from disp.intra.daemon.contact (disp-e.intra.daemon.contact [IPv6:fd00:0:0:0:0:0:0:112]) by admn.intra.daemon.contact (8.17.1/8.17.1) with ESMTPS id 41NLeNKx015128 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=OK) for ; Fri, 23 Feb 2024 22:40:23 +0100 (CET) (envelope-from pmc@citylink.dinoex.sub.org) Received: from disp.intra.daemon.contact (localhost [127.0.0.1]) by disp.intra.daemon.contact (8.17.1/8.17.1) with ESMTPS id 41NLdsar060632 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO) for ; Fri, 23 Feb 2024 22:39:54 +0100 (CET) (envelope-from pmc@citylink.dinoex.sub.org) Received: (from pmc@localhost) by disp.intra.daemon.contact (8.17.1/8.17.1/Submit) id 41NLdsNI060631 for freebsd-net@freebsd.org; Fri, 23 Feb 2024 22:39:54 +0100 (CET) (envelope-from pmc@citylink.dinoex.sub.org) X-Authentication-Warning: disp.intra.daemon.contact: pmc set sender to pmc@citylink.dinoex.sub.org using -f Date: Fri, 23 Feb 2024 22:39:54 +0100 From: Peter To: freebsd-net@freebsd.org Subject: libalias defect (PR 269770) Message-ID: List-Id: Networking and TCP/IP with FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-net List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-net@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline X-Milter: Spamilter (Reciever: uucp.dinoex.org; Sender-ip: 0:0:2a0b:f840::; Sender-helo: uucp.dinoex.org;) X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (uucp.dinoex.org [IPv6:2a0b:f840:0:0:0:0:0:12]); Fri, 23 Feb 2024 22:45:08 +0100 (CET) X-Spamd-Bar: ---- X-Spamd-Result: default: False [-4.29 / 15.00]; ARC_ALLOW(-1.00)[uucp.dinoex.org:s=M20221114:i=1]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_SHORT(-0.99)[-0.993]; R_SPF_ALLOW(-0.20)[+mx]; MIME_GOOD(-0.10)[text/plain]; DMARC_NA(0.00)[sub.org]; RCPT_COUNT_ONE(0.00)[1]; MISSING_XM_UA(0.00)[]; ASN(0.00)[asn:205376, ipnet:2a0b:f840::/32, country:DE]; MIME_TRACE(0.00)[0:+]; R_DKIM_NA(0.00)[]; MLMMJ_DEST(0.00)[freebsd-net@freebsd.org]; RCVD_TLS_LAST(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; RCVD_COUNT_FIVE(0.00)[5]; PREVIOUSLY_DELIVERED(0.00)[freebsd-net@freebsd.org]; TO_DN_NONE(0.00)[]; HAS_XAW(0.00)[] X-Rspamd-Queue-Id: 4ThNpj2dLPz45DR Folks, after suffering frequent network outages for quite some time, I finally hunted them down to a libalias issue. 'man 8 natd' suggests this for a port-forward: For example, the argument tcp inside1:telnet 6666 means that incoming TCP packets destined for port 6666 on this machine will be sent to the telnet port on the inside1 machine. While this may work for TCP, it does not work well for UDP (evidence is in the PR). With a static alias IP there are two ways to describe such a portforward: (1) ipfw nat 1 config log same_ports unreg_only ip 203.0.113.1 \ redirect_port udp 192.168.1.12:5006 5006 \ redirect_port tcp 192.168.1.12:5006 5006 (2) ipfw nat 1 config log same_ports unreg_only ip 203.0.113.1 \ redirect_port udp 192.168.1.12:5007 203.0.113.1:5006 \ redirect_port tcp 192.168.1.12:5007 203.0.113.1:5006 While there seems no obvious difference between both, there is a difference insofar as (2) appears to work, while (1) does not. The other difference is that (2) obviousely cannot be used with a dynamic alias (parameter 'if' instead of 'ip'), so there exists no working configuration in that case. Therefore I consider this not just a documentation flaw, but a defect. cheerio, PMc