In NetBSD 2.0.x, there is ipfilter 4.1.3. On my NetBSD 2.0.x router, I have
ipfilter installing IPv6 rules, and IPv4 rules, and I have ipnat configured to
do NATing.
Amongst the rules I have in my ipnat.conf, I have:
# Redirect outgoing HTTP queries to the squid cache
rdr vlan1 0/0 port 80 -> 127.0.0.1 port 3128 tcp
This works just fine for IPv4. However, it appears that it is attempting to
do this port map, erroneously, on IPv6 as well. My ipf6.conf logs blocked
outgoing packets, and sees:
31/03/2005 10:26:50.644614 gre1 @0:4 b 2001:408:1010:20:7f00:1:fe50:82a,49551 -> 2001:200:0:8002:203:47ff:fea5:3085,3128 PR tcp len 40 80 -S OUT
31/03/2005 10:26:53.337204 gre1 @0:4 b 2001:408:1010:20:7f00:1:fe50:82a,49551 -> 2001:200:0:8002:203:47ff:fea5:3085,3128 PR tcp len 40 80 -S OUT
..when I initiate a connection to www.kame.net (IPv6 address 2001:200:0:8002:203:47ff:fea5:3085) port 80. As you can see from the packet trying to leave my router, it has been mapped to the squid port, but the address has been left alone. Assumedly because it's in the wrong family.
I assume this is a NetBSD bug, but I'm talking to the ipfilter list as well, in case someone else has seen this sort of problem.
Thanks! Please let me know if you have a fix.
- Chris
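
Added example, not part of the original post: a small Python check that scans ipmon log lines for the symptom reported above, an IPv6 TCP packet that carries the rdr target port (3128) while its destination address is still an IPv6 address. The regular expression is inferred from the two log lines in the post; the function name and the sample lines marked as constructed are assumptions.

```python
import ipaddress
import re

# rdr target from the ipnat.conf rule quoted in the post.
RDR_ADDR = ipaddress.ip_address("127.0.0.1")
RDR_PORT = 3128

# Field layout inferred from the two ipmon lines in the post:
# date time iface @group:rule action src,sport -> dst,dport PR proto ...
LINE_RE = re.compile(
    r"^(?P<date>\S+) (?P<time>\S+) (?P<iface>\S+) @(?P<rule>\d+:\d+) "
    r"(?P<action>\S+) (?P<src>[0-9A-Fa-f:.]+),(?P<sport>\d+) -> "
    r"(?P<dst>[0-9A-Fa-f:.]+),(?P<dport>\d+) PR (?P<proto>\S+)"
)

SAMPLE_LOG = [
    # The two lines reported in the post.
    "31/03/2005 10:26:50.644614 gre1 @0:4 b 2001:408:1010:20:7f00:1:fe50:82a,49551 -> 2001:200:0:8002:203:47ff:fea5:3085,3128 PR tcp len 40 80 -S OUT",
    "31/03/2005 10:26:53.337204 gre1 @0:4 b 2001:408:1010:20:7f00:1:fe50:82a,49551 -> 2001:200:0:8002:203:47ff:fea5:3085,3128 PR tcp len 40 80 -S OUT",
    # Constructed: IPv6 packet whose port was left alone.
    "31/03/2005 10:27:01.000000 gre1 @0:4 b 2001:db8::10,49552 -> 2001:db8::80,80 PR tcp len 40 80 -S OUT",
    # Constructed: IPv4 packet fully redirected to squid.
    "31/03/2005 10:27:02.000000 vlan1 @0:1 p 192.0.2.10,40000 -> 127.0.0.1,3128 PR tcp len 20 60 -S IN",
]

def find_half_applied_rdr(lines):
    """Return IPv6 TCP entries that carry the rdr target port but not the
    rdr target address, i.e. only the port half of the rewrite happened."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["proto"] != "tcp" or int(m["dport"]) != RDR_PORT:
            continue
        try:
            dst = ipaddress.ip_address(m["dst"])
        except ValueError:
            continue  # regex matched something that is not an address
        # ::ffff:127.0.0.1 would be a complete rewrite, so it is not flagged.
        if dst.version == 6 and dst.ipv4_mapped != RDR_ADDR:
            hits.append({"time": m["time"], "iface": m["iface"],
                         "src": m["src"], "dst": m["dst"], "dport": RDR_PORT})
    return hits

if __name__ == "__main__":
    for hit in find_half_applied_rdr(SAMPLE_LOG):
        print(hit)
```

A genuine IPv6 connection to port 3128 on a remote host would also be flagged, so hits need to be compared against what the client actually requested.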
