From owner-freebsd-bugs Wed Jul 3 1:20: 9 2002
Message-Id: <200207030811.g638BY44098123@www.freebsd.org>
Date: Wed, 3 Jul 2002 01:11:34 -0700 (PDT)
From: Fabien Menemenlis
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-1.0
Subject: kern/40139: ipfilter issue
Sender: owner-freebsd-bugs@FreeBSD.ORG

>Number: 40139
>Category: kern
>Synopsis: ipfilter issue
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Wed Jul 03 01:20:01 PDT 2002
>Closed-Date:
>Last-Modified:
>Originator: Fabien Menemenlis
>Release: 4.6-STABLE
>Organization: Iliad
>Environment:
FreeBSD onepafw1 4.6-STABLE FreeBSD 4.6-STABLE #2: Thu Jun 27 16:12:37 CEST 2002 fabien@onepafw1:/usr/obj/usr/src/sys/FW i386
>Description:
When using masquerading with ipnat, 2 boxes from the private network can't access the same destination "at the same time". Same problem with 3 firewalls (all 4.6-STABLE, ethernet interfaces fxp, xl or tl).
The configuration was changed to ipfw + natd, no more problem.
>How-To-Repeat:
Simple configuration for ipnat:
map fxp0 192.168.0.0/16 -> 123.123.123.123/32 proxy port ftp ftp/tcp
map fxp0 192.168.0.0/16 -> 123.123.123.123/32 portmap tcp/udp 10000:65000
map fxp0 192.168.0.0/16 -> 123.123.123.123/32

and for ipf:
pass in from any to any
pass out from any to any

Log on 2 machines on the internal network, ping the same external IP at the same time: 1 is blocked. Stop the ping working, the other will then start working.
>Fix:
none (well, use ipfw + natd :P)
>Release-Note:
>Audit-Trail:
>Unformatted: