From owner-freebsd-hackers Wed Jan 29 15:48:27 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id PAA00434 for hackers-outgoing; Wed, 29 Jan 1997 15:48:27 -0800 (PST)
Received: from whistle.com (s205m131.whistle.com [207.76.205.131]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id PAA00429 for ; Wed, 29 Jan 1997 15:48:23 -0800 (PST)
Received: (from smap@localhost) by whistle.com (8.7.5/8.6.12) id PAA19873; Wed, 29 Jan 1997 15:47:45 -0800 (PST)
Received: from bubba.whistle.com(207.76.205.7) by whistle.com via smap (V1.3) id sma019871; Wed Jan 29 15:47:15 1997
Received: (from archie@localhost) by bubba.whistle.com (8.7.5/8.6.12) id PAA25117; Wed, 29 Jan 1997 15:47:14 -0800 (PST)
From: Archie Cobbs
Message-Id: <199701292347.PAA25117@bubba.whistle.com>
Subject: Re: ipdivert & masqd
In-Reply-To: <199701292330.XAA14485@awfulhak.demon.co.uk> from Brian Somers at "Jan 29, 97 11:30:52 pm"
To: brian@awfulhak.demon.co.uk (Brian Somers)
Date: Wed, 29 Jan 1997 15:47:14 -0800 (PST)
Cc: archie@whistle.com, terry@lambert.org, ari.suutari@ps.carel.fi, hackers@freebsd.org, cmott@srv.net
X-Mailer: ELM [version 2.4ME+ PL25 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-hackers@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

> Not exactly - on my machine, there are two problems (3.0-current). The
> machine that's doing the masquerading is 10.0.1.254.
>
> 1. When I do a tcp setup from 10.0.1.254 to 10.0.1.1, the packet goes out
>    ok, 10.0.1.1 receives it and replies (netstat shows ESTABLISHED).
>    Masqd/natd receives the packet, fixes it and re-injects it.... then,
>    all of a sudden, nothing happens. After a long wait, nothing continues
>    to happen :( It's as if the ip_sum is wrong, but I don't believe that
>    yet as it works ok when there are two divert sockets involved.
>
> 2. When a ping is sent from 10.0.1.1 to 10.0.1.254, the incoming icmp
>    packet is picked up by masqd/natd, fondled and re-injected. That's
>    *all* that masqd/natd sees. However, 10.0.1.1 gets an ICMP reply.

Hmmm.. a couple of questions, trying to understand the setup.
Sorry if this is starting to get tiring... :-)

- What is your network topology (ASCII art if possible)? That is,
  what IP interfaces are on what networks with what addresses assigned?

- What are the ipfw rules that are installed on the diverting machine?

- Why are any packets having their IP addresses remapped if the two
  machines (at 10.0.1.254 and 10.0.1.1) are on the same subnet?

Also, if netstat shows ESTABLISHED (on either end), then at least one
packet must have successfully made it across in both directions, due
to the TCP handshaking involved in getting to that state.

Thanks,
-Archie

___________________________________________________________________________
Archie Cobbs * Whistle Communications, Inc. * http://www.whistle.com