Date: Wed, 29 Jan 1997 23:30:52 +0000
From: Brian Somers <brian@awfulhak.demon.co.uk>
To: Archie Cobbs <archie@whistle.com>
Cc: terry@lambert.org (Terry Lambert), ari.suutari@ps.carel.fi, hackers@freebsd.org, cmott@srv.net
Subject: Re: ipdivert & masqd
Message-ID: <199701292330.XAA14485@awfulhak.demon.co.uk>
In-Reply-To: Your message of "Wed, 29 Jan 1997 12:16:41 PST." <199701292016.MAA24360@bubba.whistle.com>

[.....]
> > Actually, I think it's so the outbound packet doesn't get rediverted
> > by that particular handler, but you *can* chain handlers. For instance,
> > say I wanted to chain a cleanwall, a firewall, and an IP proxy server
> > and they were all in separate divert modules.
>
> Right! That is the purpose of this ip_divert_ignore hack -- for loop
> avoidance. It allows you to send a packet back out via the divert socket
> and simultaneously say "Don't divert *this* packet back into *this* socket".
>
> The theory was that this loop avoidance was working too well, and
> seemed to be applying to packets other than the one that it was
> supposed to. What I'm trying to prove to myself is that this can't
> be happening.
>
> -Archie

Not exactly - on my machine, there are two problems (3.0-current).
The machine that's doing the masquerading is 10.0.1.254.

1. When I do a tcp setup from 10.0.1.254 to 10.0.1.1, the packet goes
   out ok, 10.0.1.1 receives it and replies (netstat shows ESTABLISHED).
   Masqd/natd receives the packet, fixes it and re-injects it.... then,
   all of a sudden, nothing happens. After a long wait, nothing
   continues to happen :( It's as if the ip_sum is wrong, but I don't
   believe that yet as it works ok when there are two divert sockets
   involved.

2. When a ping is sent from 10.0.1.1 to 10.0.1.254, the incoming icmp
   packet is picked up by masqd/natd, fondled and re-injected. That's
   *all* that masqd/natd sees. However, 10.0.1.1 gets an ICMP reply.

Everything else works.

--
Brian <brian@awfulhak.demon.co.uk>, <brian@freebsd.org>
      <http://www.awfulhak.demon.co.uk/>
Don't _EVER_ lose your sense of humour....