>Number:         162739
>Category:       misc
>Synopsis:       ipfw+nat redirect_addr option no longer works (as expected?)
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Nov 21 22:20:05 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator:     Terrence Koeman
>Release:        8.2-STABLE on 2011.07.10.03.00.00
>Organization:
>Environment:
FreeBSD satanael 8.2-STABLE FreeBSD 8.2-STABLE #30: Mon Nov 21 17:18:52 CET 2011     terrence@satanael:/usr/obj/usr/src/sys/SATANAEL-SMP  amd64

compiled from cvs 2011.07.10.03.00.00
>Description:
I updated an 8-STABLE machine recently (last update February 2011) and noticed 
that the static NAT translations stopped working.

Relevant ipfw rules:

----
$cmd nat   20 config  ip $outsidenat \
    redirect_addr 172.16.0.70 ext.ext.ext.70 \
    redirect_addr 172.16.0.68 ext.ext.ext.68 \
    redirect_addr 172.16.0.69 ext.ext.ext.69 \
    redirect_addr 172.16.0.71 ext.ext.ext.71 \
    redirect_addr 172.16.0.72 ext.ext.ext.72 \
    redirect_addr 172.16.0.73 ext.ext.ext.73 \
    redirect_addr 172.16.0.74 ext.ext.ext.74 \
    redirect_addr 172.16.0.75 ext.ext.ext.75 \
    redirect_addr 172.16.0.76 ext.ext.ext.76 \
    redirect_addr 172.16.0.77 ext.ext.ext.77 

  $cmd add 00450 nat   20       all  from $insidenet        to not $insidenet   out via $outside

  $cmd add 00500 nat   20       all  from any               to $outsidenet      in  via $outside
----

This makes 172.16.0.70-77 get static nat-ed to ext.ext.ext.70-77 and any other 
172.16.0.0/12 to $outsidenat.

This works when I use cvs 2011.07.01.03.00.00, and this stops working when I 
use 2011.07.10.03.00.00. 

By 'stops working' I mean that clients 172.16.0.70-77 are translated to 
$outsidenat instead of ext.ext.ext.70-77 as expected. When I remove the general 
nat IP (ip $outsidenat), translation ceases entirely.

I suspected that svn commit r223872 
(http://lists.freebsd.org/pipermail/svn-src-stable-8/2011-July/005776.html) 
might be the cause and chose the dates accordingly. The problem seems to be 
caused by this change.
>How-To-Repeat:
Use cvs 2011.07.10.03.00.00, compile, install kernel & world. redirect_addr 
stops working.
>Fix:


>Release-Note:
>Audit-Trail:
>Unformatted: