Date:      Sat, 25 Jan 1997 18:42:20 +0000
From:      Brian Somers <brian@awfulhak.demon.co.uk>
To:        Archie Cobbs <archie@whistle.com>
Cc:        hackers@freebsd.org, ari.suutari@ps.carel.fi, cmott@srv.net
Subject:   Re: ipdivert & masqd 
Message-ID:  <199701251842.SAA11494@awfulhak.demon.co.uk>
In-Reply-To: Your message of "Thu, 23 Jan 1997 23:59:50 PST." <199701240759.XAA01349@bubba.whistle.com> 

[stuff about ping turnarounds not being diverted deleted]
> 
> Brian,
> Can I take it from your recent email to the hackers list that 
> you solved the problem?
> 
> -Archie

Nope - as Ari Suutari wrote to me and said:
Hi,

	About two sockets - you might also need them.
	My first version used also only one socket, but there
	were some cases where kernel packet filtering loop
	avoidance code was confused when incoming and outgoing
	packets were put into same socket. The result was that
	some packets were not diverted which in turn resulted 
	in connection failures. With separate sockets for
	incoming and outgoing packets everything works fine.

	The idea in natd is that user makes modifications in
	/etc/rc.firewall to set it up. The test script is only
	for testing - you are not expected to use it for anything else.
	(perhaps I should mention this in README file).

	Both these main programs are very much alike for obvious
	reasons: all the brains is in the code written by Charles.

		Ari S.

On investigation, he's correct.  Tcp & udp return setup packets coming into
the machine with masqd running seem to disappear - masqd sees them, but when
it injects them back into the divert socket they disappear (the app never
sees them).

This shows itself when you try to initiate a tcp/udp connection through the
divert sockets from the machine running masqd.... a timeout occurs.  However,
machines that are having packets forwarded through the masqd machine are fine.
I'll have a look at the divert code and see if I can come up with anything
interesting.
running masqd are 
-- 
Brian <brian@awfulhak.demon.co.uk>, <brian@freebsd.org>
      <http://www.awfulhak.demon.co.uk/>
Don't _EVER_ lose your sense of humour....




