From: Phil Regnauld
To: freebsd-net@freebsd.org
Date: Thu, 22 Jul 1999 15:14:51 +0200
Subject: Strange problem with Natd
X-Operating-System: FreeBSD 3.1-RELEASE i386

Natd is running fine on my box with two netcards:

    ---fxp0-[box]-xl0---

A win95 box sits on xl0, and a firewall is somewhere after fxp0.

    fxp0 address = 172.16.211.70
    xl0          = 1.0.0.1
    Win95        = 1.0.0.2

Natd works, except when it hits the firewall, for a specific address.

I'm trying to run NetOp from Win95, through the FreeBSD box, through the
firewall's (IBM SNG) DMZ interface to an NT box.

    NT box = 1.2.3.4

This is what tcpdump fxp0 shows:

    14:50:46.929212 172.16.211.70.6502 > 1.2.3.4.6502: udp 108
    14:50:49.895164 172.16.211.70.6502 > 1.2.3.4.6502: udp 108

... and it fails.

This is what the FW log shows:

    Jul 22 14:48:38 xxxx: 1999;9630: 2073;ICA1036i;#:;551;R:d; i:;x.x.x.129;s:;1.2.3.4;d:;1.0.0.2;p:;udp;sp:;6502;dp:;6502;r:;r;a:;n;f:;n;T:;0;e:;n;l:;134;
    Jul 22 14:48:41 xxxx: 1999;9630: 2073;ICA1036i;#:;551;R:d; i:;x.x.x.129;s:;1.2.3.4;d:;1.0.0.2;p:;udp;sp:;6502;dp:;6502;r:;r;a:;n;f:;n;T:;0;e:;n;l:;134;

The x.x.x.129 is the Firewall DMZ interface (`i'nterface of transit)

    s = source
    d = destination

What is REALLY strange, and worries me, is that the destination is 1.0.0.2,
which is masqueraded!

I can go to other hosts on the net, any protocol and it works...

Question: am I seeing a NetOp-specific thing? Do they encapsulate the
return address? It looks like it. IMHO, there is no way the FW could know
the address of the source host otherwise...
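Added here as an example, not part of the post above: a small Python check that parses firewall log lines in the semicolon-separated "key:;value;" layout of the two IBM SNG lines quoted in the post and flags any source or destination address that belongs to a network natd should have masqueraded. The field layout is assumed from those two lines only; 1.0.0.0/24 as the masqueraded network and the sample lines themselves are taken from the post.

```python
import ipaddress
import re

# Sample input: the two firewall lines quoted in the post (constructed copy).
SAMPLE_LOG = """\
Jul 22 14:48:38 xxxx: 1999;9630: 2073;ICA1036i;#:;551;R:d; i:;x.x.x.129;s:;1.2.3.4;d:;1.0.0.2;p:;udp;sp:;6502;dp:;6502;r:;r;a:;n;f:;n;T:;0;e:;n;l:;134;
Jul 22 14:48:41 xxxx: 1999;9630: 2073;ICA1036i;#:;551;R:d; i:;x.x.x.129;s:;1.2.3.4;d:;1.0.0.2;p:;udp;sp:;6502;dp:;6502;r:;r;a:;n;f:;n;T:;0;e:;n;l:;134;
"""


def parse_sng_line(line):
    """Return a dict of 'key' -> value for one log line.

    Assumed layout (from the quoted lines): a token ending in ':' is a key
    whose value is the next ';'-separated token; a token like 'R:d' carries
    its value fused after the colon.
    """
    fields = {}
    tokens = [t.strip() for t in line.split(";")]
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        if tok.endswith(":") and i + 1 < len(tokens):
            fields[tok[:-1]] = tokens[i + 1]
            i += 2
            continue
        fused = re.fullmatch(r"([A-Za-z#]+):(\S+)", tok)
        if fused:
            fields[fused.group(1)] = fused.group(2)
        i += 1
    return fields


def leaked_internal_addresses(log_text, internal_nets):
    """List (timestamp, field, address, proto, dport) for every s:/d: value
    inside a network that NAT should have hidden from this firewall.

    A hit means the address reached the firewall despite masquerading,
    e.g. because the application carries it inside the payload, which
    natd's header rewrite does not touch."""
    nets = [ipaddress.ip_network(n) for n in internal_nets]
    hits = []
    for line in log_text.splitlines():
        f = parse_sng_line(line)
        timestamp = line[:15]  # syslog-style 'Mon DD HH:MM:SS' prefix
        for key in ("s", "d"):
            try:
                addr = ipaddress.ip_address(f.get(key, ""))
            except ValueError:
                continue  # missing or redacted value such as 'x.x.x.129'
            if any(addr in net for net in nets):
                hits.append((timestamp, key, str(addr), f.get("p"), f.get("dp")))
    return hits
```

Run against the post's two lines with `["1.0.0.0/24"]`, both entries are flagged on the `d` field, matching the symptom the post describes.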