Date: Wed, 3 Jul 2002 01:11:34 -0700 (PDT)
From: Fabien Menemenlis <nihilist@dead-inside.org>
To: freebsd-gnats-submit@FreeBSD.org
Subject: kern/40139: ipfilter issue
Message-ID: <200207030811.g638BY44098123@www.freebsd.org>

>Number:         40139
>Category:       kern
>Synopsis:       ipfilter issue
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Jul 03 01:20:01 PDT 2002
>Closed-Date:
>Last-Modified:
>Originator:     Fabien Menemenlis
>Release:        4.6-STABLE
>Organization:   Iliad
>Environment:
FreeBSD onepafw1 4.6-STABLE FreeBSD 4.6-STABLE #2: Thu Jun 27 16:12:37 CEST 2002 fabien@onepafw1:/usr/obj/usr/src/sys/FW i386
>Description:
When using masquerading with ipnat, 2 boxes from the private network
can't access the same destination "at the same time".
Same problem with 3 firewalls (all 4.6-STABLE, ethernet interfaces fxp,
xl or tl).
The configuration was changed to ipfw + natd, no more problem.
>How-To-Repeat:
Simple configuration for ipnat:
map fxp0 192.168.0.0/16 -> 123.123.123.123/32 proxy port ftp ftp/tcp
map fxp0 192.168.0.0/16 -> 123.123.123.123/32 portmap tcp/udp 10000:65000
map fxp0 192.168.0.0/16 -> 123.123.123.123/32

and for ipf:
pass in from any to any
pass out from any to any

Log on 2 machines on the internal network, ping the same external IP at
the same time: 1 is blocked. Stop the ping working, the other will then
start working.
>Fix:
none (well, use ipfw + natd :P)
>Release-Note:
>Audit-Trail:
>Unformatted:
