Date:      Sat, 19 Aug 2000 02:32:16 -0700 (PDT)
From:      markm68k@yahoo.com
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   misc/20713: errant traceroute output from behind natd
Message-ID:  <20000819093216.35A6737B424@hub.freebsd.org>

>Number:         20713
>Category:       misc
>Synopsis:       errant traceroute output from behind natd
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Aug 19 02:40:00 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator:     Mark Miller
>Release:        4.1-RELEASE
>Organization:
>Environment:
FreeBSD myhost 4.1-RELEASE FreeBSD 4.1-RELEASE #7: Mon Aug 14 21:32:29 PDT 2000     me@myhost:/usr/src/sys/compile/MYHOST  i386

>Description:
Setting up a firewall rule to send the icmp unreachable for a tcp connection causes the icmp response that is sent to say that the firewall itself is unreachable.

>How-To-Repeat:
1. install FreeBSD 4.1-RELEASE
2. configure an "open" firewall
3. configure a natd alias internal interface.
4. add a "unreach host-prohib" rule (e.g. telnet)
5. from a computer connected to the FreeBSD computer behind a natd connection, try to connect to the unreachable host via tcp (e.g. telnet)
6. watch the results from tcpdump.

>Fix:
unknown.


>Release-Note:
>Audit-Trail:
>Unformatted:

