Hi there,
I have a strange problem with natd and ICMP 3.4 (destination unreachable/fragmentation needed) packets.
Situation:
- we have a FreeBSD 4.2-20001228-STABLE box with ipfw and natd configured
  xl0 interface has public address 195.168.x.x
  xl1 interface is connected to our intranet with private addr 10.10.1.1
ipfw show:
00100 0 0 allow ip from any to any via lo0
...
09200 0 0 divert 8668 ip from any to any via xl0
09300 0 0 allow ip from any to any
natd is running with arguments: natd -n xl0
- behind the FreeBSD box is a Cisco router with a GRE tunnel
  195.168.x.x
         xl0 --------- xl1        10.10.1.0/24 (MTU 1500)
      -------| FreeBSD |------------------------------------------------------....
             ---------         |
             ipfw +NAT         |
                               |
                               | 10.10.1.2
                           ----------
                          | CISCO 1  |
                           ----------
                               ||
                               ||
                               || GRE tunnel (MTU 1476)
                               ||
                               ||
                               ||
                           ----------
                          | CISCO 2  |
                           ----------
                               | 10.10.20.0/24          ----
              ---------------------------------------- | PC |
                                                        ----
                                                      10.10.20.2
Problem:
If the Cisco router CISCO 1 sends an ICMP 3.4 packet to any server on the Internet,
natd on the FreeBSD box aliases the data inside the ICMP packet, but not the IP headers.
Here is the tcpdump on the xl1 interface:
11:56:54.376974 10.10.1.2 > 195.168.3.210: icmp: 10.10.20.2 unreachable - need to frag (mtu 1476)
and on the xl0 interface:
11:56:55.216974 10.10.1.2 > 195.168.3.210: icmp: 195.168.x.x unreachable - need to frag (mtu 1476)
                ^^^^^^^^^                        ^^^^^^^^^^^
Is this a bug in natd, or did I make some mistake in the configuration?
Regards,
--
======================================================================
Bohus PLUCINSKY e-mail: [EMAIL PROTECTED]
Network Engineer
N E X T R A
Plynarenska 1 tel: +421 7 58 228 111
824 71 Bratislava 26 fax: +421 7 58 228 222
S L O V A K I A http://www.nextra.sk
=======================================================================
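
An added example, not part of the original message: a Python check that parses tcpdump lines in the format quoted above and flags need-to-frag errors on the external interface whose outer source is still an RFC 1918 address, the condition the message describes. The two captured lines are taken from the message; the third line and the address 203.0.113.10 are constructed, and all function names are hypothetical.

```python
import ipaddress
import re

# Old-style tcpdump ICMP line, as quoted in the message above.
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<src>\S+) > (?P<dst>[^:\s]+): icmp: "
    r"(?P<inner>\S+) unreachable - need to frag \(mtu (?P<mtu>\d+)\)$"
)
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse(line):
    """Return the fields of a need-to-frag line as a dict, or None."""
    m = LINE_RE.match(" ".join(line.split()))  # normalise whitespace first
    if not m:
        return None
    rec = m.groupdict()
    rec["mtu"] = int(rec["mtu"])
    return rec

def is_rfc1918(addr):
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:          # masked or malformed address
        return False
    return any(ip in net for net in RFC1918)

def untranslated_errors(external_lines):
    """Need-to-frag errors seen outside the NAT with a private outer source."""
    return [r for r in map(parse, external_lines) if r and is_rfc1918(r["src"])]

def compare(inside_line, outside_line):
    """Report which fields changed between the inside and outside capture."""
    a, b = parse(inside_line), parse(outside_line)
    return {"outer_src_rewritten": a["src"] != b["src"],
            "embedded_addr_rewritten": a["inner"] != b["inner"]}

# From the message: xl1 (inside) and xl0 (outside) captures.
INSIDE = "11:56:54.376974 10.10.1.2 > 195.168.3.210: icmp: 10.10.20.2 unreachable - need to frag (mtu 1476)"
OUTSIDE = "11:56:55.216974 10.10.1.2 > 195.168.3.210: icmp: 195.168.x.x unreachable - need to frag (mtu 1476)"
# Constructed: what a fully translated error would look like on xl0.
TRANSLATED = "11:56:55.216974 203.0.113.10 > 195.168.3.210: icmp: 203.0.113.10 unreachable - need to frag (mtu 1476)"

if __name__ == "__main__":
    for rec in untranslated_errors([OUTSIDE, TRANSLATED]):
        print("private source on external interface:", rec)
    print(compare(INSIDE, OUTSIDE))
```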