Date: Tue, 28 Jan 1997 18:18:24 -0800 (PST)
From: Archie Cobbs <archie@whistle.com>
To: brian@awfulhak.demon.co.uk (Brian Somers)
Cc: hackers@freebsd.org, ari.suutari@ps.carel.fi, cmott@srv.net
Subject: Re: ipdivert & masqd
Message-ID: <199701290218.SAA21188@bubba.whistle.com>
In-Reply-To: <199701251842.SAA11494@awfulhak.demon.co.uk> from Brian Somers at "Jan 25, 97 06:42:20 pm"
> > Can I take it from your recent email to the hackers list that
> > you solved the problem?
>
> Nope - as Ari Suutari wrote to me and said:
> Hi,
>
> About two sockets - you might also need them.
> My first version used also only one socket, but there
> were some cases where kernel packet filtering loop
> avoidance code was confused when incoming and outgoing
> packets were put into same socket. The result was that
> some packets were not diverted which in turn resulted
> in connection failures. With separate sockets for
> incoming and outgoing packets everything works fine.
>
> The idea in natd is that user makes modifications in
> /etc/rc.firewall to set it up. The test script is only
> for testing - you are not expected to use it for anything else.
> (perhaps I should mention this in README file).
>
> Both these main programs are very much alike for obvious
> reasons: all the brains is in the code written by Charles.
>
> Ari S.
>
> On investigation, he's correct. Tcp & udp return setup packets coming into
> the machine with masqd running seem to disappear - masqd sees them, but when
> it injects them back into the divert socket they disappear (the app never
> sees them).
>
> This shows itself when you try to initiate a tcp/udp connection through the
> divert sockets from the machine running masqd.... a timeout occurs. However,
> machines that are having packets forwarded through the masqd machine are fine.
> I'll have a look at the divert code and see if I can come up with anything
> interesting.

Under which version(s) of FreeBSD are you guys having this problem?
I'm trying to track it down...

Thanks,
-Archie

___________________________________________________________________________
Archie Cobbs * Whistle Communications, Inc. * http://www.whistle.com