Date: Thu, 22 Jul 1999 15:14:51 +0200
From: Phil Regnauld <regnauld@ftf.net>
To: freebsd-net@freebsd.org
Subject: Strange problem with Natd
Message-ID: <19990722151451.13038@ns.int.ftf.net>

Natd is running fine on my box with two netcards:

    ---fxp0-[box]-xl0---

A win95 box sits on xl0, and a firewall is somewhere after fxp0.

    fxp0 address = 172.16.211.70
    xl0          = 1.0.0.1
    Win95        = 1.0.0.2

Natd works, except when it hits the firewall, for a specific address.

I'm trying to run NetOp from Win95, through the FreeBSD box, through
the firewall's (IBM SNG) DMZ interface to an NT box.

    NT box = 1.2.3.4

This is what tcpdump fxp0 shows:

    14:50:46.929212 172.16.211.70.6502 > 1.2.3.4.6502: udp 108
    14:50:49.895164 172.16.211.70.6502 > 1.2.3.4.6502: udp 108

... and it fails.

This is what the FW log shows:

    Jul 22 14:48:38 xxxx: 1999;9630: 2073;ICA1036i;#:;551;R:d; i:;x.x.x.129;s:;1.2.3.4;d:;1.0.0.2;p:;udp;sp:;6502;dp:;6502;r:;r;a:;n;f:;n;T:;0;e:;n;l:;134;
    Jul 22 14:48:41 xxxx: 1999;9630: 2073;ICA1036i;#:;551;R:d; i:;x.x.x.129;s:;1.2.3.4;d:;1.0.0.2;p:;udp;sp:;6502;dp:;6502;r:;r;a:;n;f:;n;T:;0;e:;n;l:;134;

The x.x.x.129 is the Firewall DMZ interface (`i'nterface of transit)

    s = source
    d = destination

What is REALLY strange, and worries me, is that the destination is
1.0.0.2, which is masqueraded!

I can go to other hosts on the net, any protocol, and it works...

Question: am I seeing a NetOp specific thing? Do they encapsulate the
return address? It looks like it. IMHO, there is no way the FW could
know the address of the source host otherwise...

-- 
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message
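
The check described in the message, as an added example that is not part of the original post: parse the firewall log lines and list packets whose destination is still a pre-NAT inside address. The 1.0.0.0/24 mask and the reading of p/sp/dp as protocol and ports are assumptions; only i, s and d are explained in the message.

```python
import ipaddress
import re

# "key:;value" pairs as they appear in the firewall log lines quoted above.
# Tokens such as "R:d" have no ":;" separator and are deliberately skipped.
FIELD = re.compile(r";\s*([A-Za-z#]+):;([^;]*)")

def parse_fw_line(line):
    """Return the key/value fields of one log line as a dict."""
    return dict(FIELD.findall(line))

def untranslated_replies(lines, inside_net):
    """Return parsed records whose destination is a pre-NAT inside address.

    Seen on the far side of the NAT box, such a destination means the peer
    learned the inside address from somewhere other than the IP header,
    because natd rewrote the header source to its external address.
    """
    net = ipaddress.ip_network(inside_net)
    hits = []
    for line in lines:
        rec = parse_fw_line(line)
        try:
            dst = ipaddress.ip_address(rec.get("d", ""))
        except ValueError:
            continue  # destination missing, masked or malformed
        if dst in net:
            hits.append(rec)
    return hits

TAIL = "p:;udp;sp:;6502;dp:;6502;r:;r;a:;n;f:;n;T:;0;e:;n;l:;134;"
HEAD = " xxxx: 1999;9630: 2073;ICA1036i;#:;551;R:d; i:;x.x.x.129;s:;1.2.3.4;"
SAMPLE = [
    # The two entries from the message.
    "Jul 22 14:48:38" + HEAD + "d:;1.0.0.2;" + TAIL,
    "Jul 22 14:48:41" + HEAD + "d:;1.0.0.2;" + TAIL,
    # Constructed entry: a reply addressed to natd's external address,
    # which is what a correctly translated flow would produce.
    "Jul 22 14:48:44" + HEAD + "d:;172.16.211.70;" + TAIL,
]

if __name__ == "__main__":
    # Assumption: the inside network behind xl0 is 1.0.0.0/24.
    for rec in untranslated_replies(SAMPLE, "1.0.0.0/24"):
        print("reply to inside address: %s:%s -> %s:%s (%s)"
              % (rec["s"], rec["sp"], rec["d"], rec["dp"], rec["p"]))
```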