ipfw nat/natd
Prokofiev S.P.
proks at logos.sky.od.ua
Tue Aug 5 16:12:19 UTC 2008
I have a problem with the following scheme:
( gw ) <-----> ( nat_router ) <-----> ( https )
real.ip0       real.ip1  10.19.90.1   10.19.90.2
If I use ipfw+natd on nat_router, then the redirect to the https server and to
the nat_router local address 10.19.90.1 works well, but with ipfw+nat the
redirect to the nat_router local address fails. Is this a bug?
ipfw+nat schema
- on nat_router
  - ipfw rules
    ipfw nat 1 config if vlan2 log redirect_port tcp 10.19.90.1:5000 5000 \
        redirect_port tcp 10.19.90.2:443 443
    ipfw add 500 nat 1 log ip from any to any via vlan2 // nat
  - iperf -s -p 5000
- on gw
  - iperf -p 5000 -c real.ip1
tcpdump -np -i vlan2 host real.ip0
18:36:08.170034 IP real.ip0.60950 > real.ip1.5000: S 3167071663:3167071663(0)
win 65535 <mss 1460,nop,wscale 2,nop,nop,timestamp 785027736 0,sackOK,eol>
18:36:08.170093 IP real.ip1.5000 > real.ip0.60950: S 655190881:655190881(0) ack
3167071664 win 65535 <mss 1460,nop,wscale 3,sackOK,timestamp 3232246011
785027736>
18:36:11.170239 IP real.ip1.5000 > real.ip0.60950: S 655190881:655190881(0) ack
3167071664 win 65535 <mss 1460,nop,wscale 3,sackOK,timestamp 3232246011
785027736>
18:36:11.208523 IP real.ip0.60950 > real.ip1.5000: S 3167071663:3167071663(0)
win 65535 <mss 1460,nop,wscale 2,nop,nop,timestamp 785030736 0,sackOK,eol>
18:36:11.208554 IP real.ip1.5000 > real.ip0.60950: S 655190881:655190881(0) ack
3167071664 win 65535 <mss 1460,nop,wscale 3,sackOK,timestamp 3232246011
785030736>
18:36:14.208712 IP real.ip1.5000 > real.ip0.60950: S 655190881:655190881(0) ack
3167071664 win 65535 <mss 1460,nop,wscale 3,sackOK,timestamp 3232246011
785030736>
18:36:14.448772 IP real.ip0.60950 > real.ip1.5000: S 3167071663:3167071663(0)
win 65535 <mss 1460,nop,wscale 2,nop,nop,timestamp 785033936 0,sackOK,eol>
18:36:14.448802 IP real.ip1.5000 > real.ip0.60950: S 655190881:655190881(0) ack
3167071664 win 65535 <mss 1460,nop,wscale 3,sackOK,timestamp 3232246011
785033936>
18:36:17.449225 IP real.ip1.5000 > real.ip0.60950: S 655190881:655190881(0) ack
3167071664 win 65535 <mss 1460,nop,wscale 3,sackOK,timestamp 3232246011
785033936>
18:36:17.689771 IP real.ip0.60950 > real.ip1.5000: S 3167071663:3167071663(0)
win 65535 <mss 1460,sackOK,eol>
18:36:17.689801 IP real.ip1.5000 > real.ip0.60950: S 655190881:655190881(0) ack
3167071664 win 65535 <mss 1460,nop,wscale 3,sackOK,eol>
18:36:20.689736 IP real.ip1.5000 > real.ip0.60950: S 655190881:655190881(0) ack
3167071664 win 65535 <mss 1460,nop,wscale 3,sackOK,eol>
18:36:20.944763 IP real.ip0.60950 > real.ip1.5000: S 3167071663:3167071663(0)
win 65535 <mss 1460,sackOK,eol>
18:36:20.944794 IP real.ip1.5000 > real.ip0.60950: S 655190881:655190881(0) ack
3167071664 win 65535 <mss 1460,nop,wscale 3,sackOK,eol>
18:36:23.945252 IP real.ip1.5000 > real.ip0.60950: S 655190881:655190881(0) ack
3167071664 win 65535 <mss 1460,nop,wscale 3,sackOK,eol>
Thanks all!
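
A way to check a capture like the one above for the pattern it shows (SYN and SYN-ACK both retransmitted, the final ACK never seen), added here as an example and not part of the original post. The sample lines are constructed, with documentation addresses standing in for real.ip0 and real.ip1, and the parser assumes one packet per line in the old tcpdump text format.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the trace in the post; the second flow
# (port 443) completes its handshake for contrast.
SAMPLE = """\
18:36:08.170034 IP 192.0.2.10.60950 > 198.51.100.1.5000: S 3167071663:3167071663(0) win 65535 <mss 1460>
18:36:08.170093 IP 198.51.100.1.5000 > 192.0.2.10.60950: S 655190881:655190881(0) ack 3167071664 win 65535 <mss 1460>
18:36:11.170239 IP 198.51.100.1.5000 > 192.0.2.10.60950: S 655190881:655190881(0) ack 3167071664 win 65535 <mss 1460>
18:36:11.208523 IP 192.0.2.10.60950 > 198.51.100.1.5000: S 3167071663:3167071663(0) win 65535 <mss 1460>
18:36:11.208554 IP 198.51.100.1.5000 > 192.0.2.10.60950: S 655190881:655190881(0) ack 3167071664 win 65535 <mss 1460>
18:36:12.000100 IP 192.0.2.10.60951 > 198.51.100.1.443: S 1000:1000(0) win 65535 <mss 1460>
18:36:12.000900 IP 198.51.100.1.443 > 192.0.2.10.60951: S 2000:2000(0) ack 1001 win 65535 <mss 1460>
18:36:12.001500 IP 192.0.2.10.60951 > 198.51.100.1.443: . ack 1 win 16384
"""

# time, "IP", src.port, dst.port, flags, optional seq range, optional ack
LINE = re.compile(
    r"^\S+ IP (?P<src>\S+) > (?P<dst>\S+): (?P<flags>\S+) "
    r"(?:(?P<seq>\d+):\d+\(\d+\) )?(?P<ack>ack \d+ )?")

def handshake_states(text):
    """Return {(client, server): state} for each TCP flow seen in text."""
    flows = defaultdict(lambda: {"syn": 0, "synack": 0, "done": False})
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # wrapped option lines or non-TCP output
        src, dst, flags = m["src"], m["dst"], m["flags"]
        has_ack = m["ack"] is not None
        if "S" in flags and not has_ack:        # client SYN (or retransmit)
            flows[(src, dst)]["syn"] += 1
        elif "S" in flags and has_ack:          # server SYN-ACK
            flows[(dst, src)]["synack"] += 1
        elif has_ack and (src, dst) in flows and flows[(src, dst)]["synack"]:
            flows[(src, dst)]["done"] = True    # client's final ACK
    result = {}
    for key, f in flows.items():
        if f["done"]:
            result[key] = "established"
        elif f["synack"]:
            result[key] = "synack-unanswered"   # reply sent, never acknowledged
        else:
            result[key] = "no-reply"
    return result

if __name__ == "__main__":
    for (client, server), state in handshake_states(SAMPLE).items():
        print(f"{client} -> {server}: {state}")
```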