[Bug 201519] pf NAT translates ICMP type 3 packets incorrectly
bugzilla-noreply at freebsd.org
Wed Aug 3 21:40:10 UTC 2016
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=201519
--- Comment #11 from clbuisson at orange.fr ---
There is nothing complicated in my setup!

1. An Internal network with "private" IPv4 addresses
2. A Gateway/Router/Firewall connected to this internal network, and to the
   Internet (ADSL), and NATing the traffic between 1 and 3
3. The Internet with any system, for example www.freebsd.org

On a system on the internal network, if I do

    traceroute www.freebsd.org

I get

- first line: the internal address/name of the gateway (OK)
- a number of lines, one for each intermediate router on the Internet, but
  labelled with the address/name of www.freebsd.org (!OK)
- last line: the address/name of www.freebsd.org (OK)

Details seem irrelevant (anyone can find the address of www.freebsd.org ..),
and the effect of outgoing NAT on UDP or ICMP (in case of traceroute -I) is
supposed to be known. It is clear that the bug is in the NAT of the ICMP
TIME_EXCEEDED received from the Internet (invalid substitution of the address
of the responding router with address of the traceroute target).
--
You are receiving this mail because:
You are the assignee for the bug.
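
The symptom reported in comment #11, modelled as an added example (not code from the report and not pf's implementation): the expected reverse translation of an inbound ICMP TIME_EXCEEDED next to the reported one, plus a check that flags the mistranslated form in a capture taken on the internal side. The struct layout, function names and all addresses are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#define IP(a, b, c, d) (((uint32_t)(a) << 24) | ((b) << 16) | ((c) << 8) | (d))

/* Simplified ICMP TIME_EXCEEDED at the gateway; hypothetical names, no checksums. */
struct icmp_err {
    uint32_t outer_src; /* router that generated the error */
    uint32_t outer_dst; /* where the error is delivered */
    uint32_t inner_src; /* source of the quoted (expired) packet */
    uint32_t inner_dst; /* destination of the quoted packet */
};
struct nat_state { uint32_t lan_host, wan_addr, target; };
/* Constructed sample addresses (private and documentation ranges). */
static const struct nat_state sample_state = {
    IP(192, 168, 1, 10), IP(203, 0, 113, 5), IP(192, 0, 2, 80) };
static struct icmp_err sample_error(void) {
    return (struct icmp_err){ IP(198, 51, 100, 1), IP(203, 0, 113, 5),
                              IP(203, 0, 113, 5), IP(192, 0, 2, 80) };
}

/* Expected: match the state on the quoted packet and restore only the
 * internal host's address; the responding router's address is kept. */
static int translate_expected(const struct nat_state *st, struct icmp_err *p) {
    if (p->inner_src != st->wan_addr || p->inner_dst != st->target)
        return 0; /* quoted packet does not belong to this state */
    p->outer_dst = st->lan_host;
    p->inner_src = st->lan_host;
    return 1;
}

/* Reported symptom: the outer source also becomes the traceroute target. */
static int translate_reported(const struct nat_state *st, struct icmp_err *p) {
    if (!translate_expected(st, p)) return 0;
    p->outer_src = st->target;
    return 1;
}

/* Check for an internal-side capture: a TTL-exceeded error whose sender
 * equals the quoted destination did not keep the router's address. */
static int looks_mistranslated(const struct icmp_err *p) {
    return p->outer_src == p->inner_dst;
}

int main(void) {
    struct icmp_err good = sample_error(), bad = sample_error();
    translate_expected(&sample_state, &good);
    translate_reported(&sample_state, &bad);
    printf("flagged: expected=%d reported=%d\n", looks_mistranslated(&good), looks_mistranslated(&bad));
    return 0;
}
```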