And, after a reboot, another trace. Interesting that the SRC doesn't
change, is that normal? tcpdump shows the source as 192.168.1.40 as it
should be.
20:40:07.993967 IP 192.168.1.40.5060 > 192.168.1.35.5060: SIP: REGISTER sip:
192.168.1.35:5060 SIP/2.0
20:40:08.022623 IP 192.168.1.35.5060 > 192.168.1.40.5060: SIP: SIP/2.0 200
OK
Apr 28 20:35:33 voyage3 kernel: [ 397.226199] TRACE: raw:PREROUTING:policy:13 IN=vlan1 OUT= MAC=78:45:c4:17:55:91:08:00:27:e6:9f:f5:08:00 SRC=10.1.0.3 DST=10.1.0.252 LEN=31 TOS=0x00 PREC=0x60 TTL=64 ID=51546 PROTO=UDP SPT=5060 DPT=5060 LEN=11
Apr 28 20:35:33 voyage3 kernel: [ 397.226237] TRACE: mangle:PREROUTING:policy:1 IN=vlan1 OUT= MAC=78:45:c4:17:55:91:08:00:27:e6:9f:f5:08:00 SRC=10.1.0.3 DST=10.1.0.252 LEN=31 TOS=0x00 PREC=0x60 TTL=64 ID=51546 PROTO=UDP SPT=5060 DPT=5060 LEN=11
Apr 28 20:35:33 voyage3 kernel: [ 397.226258] TRACE: nat:PREROUTING:rule:1 IN=vlan1 OUT= MAC=78:45:c4:17:55:91:08:00:27:e6:9f:f5:08:00 SRC=10.1.0.3 DST=10.1.0.252 LEN=31 TOS=0x00 PREC=0x60 TTL=64 ID=51546 PROTO=UDP SPT=5060 DPT=5060 LEN=11
Apr 28 20:35:33 voyage3 kernel: [ 397.226289] TRACE: mangle:FORWARD:rule:1 IN=vlan1 OUT=wlan1 MAC=78:45:c4:17:55:91:08:00:27:e6:9f:f5:08:00 SRC=10.1.0.3 DST=192.168.1.35 LEN=31 TOS=0x00 PREC=0x60 TTL=63 ID=51546 PROTO=UDP SPT=5060 DPT=5060 LEN=11
Apr 28 20:35:33 voyage3 kernel: [ 397.226308] TRACE: mangle:FORWARD:policy:2 IN=vlan1 OUT=wlan1 MAC=78:45:c4:17:55:91:08:00:27:e6:9f:f5:08:00 SRC=10.1.0.3 DST=192.168.1.35 LEN=31 TOS=0x00 PREC=0x60 TTL=63 ID=51546 PROTO=UDP SPT=5060 DPT=5060 LEN=11
Apr 28 20:35:33 voyage3 kernel: [ 397.226327] TRACE: filter:FORWARD:rule:1 IN=vlan1 OUT=wlan1 MAC=78:45:c4:17:55:91:08:00:27:e6:9f:f5:08:00 SRC=10.1.0.3 DST=192.168.1.35 LEN=31 TOS=0x00 PREC=0x60 TTL=63 ID=51546 PROTO=UDP SPT=5060 DPT=5060 LEN=11
Apr 28 20:35:33 voyage3 kernel: [ 397.226348] TRACE: filter:clean_frwd:rule:1 IN=vlan1 OUT=wlan1 MAC=78:45:c4:17:55:91:08:00:27:e6:9f:f5:08:00 SRC=10.1.0.3 DST=192.168.1.35 LEN=31 TOS=0x00 PREC=0x60 TTL=63 ID=51546 PROTO=UDP SPT=5060 DPT=5060 LEN=11
Apr 28 20:35:33 voyage3 kernel: [ 397.226369] TRACE: filter:dynamic:return:1 IN=vlan1 OUT=wlan1 MAC=78:45:c4:17:55:91:08:00:27:e6:9f:f5:08:00 SRC=10.1.0.3 DST=192.168.1.35 LEN=31 TOS=0x00 PREC=0x60 TTL=63 ID=51546 PROTO=UDP SPT=5060 DPT=5060 LEN=11
Apr 28 20:35:33 voyage3 kernel: [ 397.226392] TRACE: filter:clean_frwd:rule:5 IN=vlan1 OUT=wlan1 MAC=78:45:c4:17:55:91:08:00:27:e6:9f:f5:08:00 SRC=10.1.0.3 DST=192.168.1.35 LEN=31 TOS=0x00 PREC=0x60 TTL=63 ID=51546 PROTO=UDP SPT=5060 DPT=5060 LEN=11
Apr 28 20:35:33 voyage3 kernel: [ 397.226406] TRACE: mangle:POSTROUTING:policy:1 IN= OUT=wlan1 SRC=10.1.0.3 DST=192.168.1.35 LEN=31 TOS=0x00 PREC=0x60 TTL=63 ID=51546 PROTO=UDP SPT=5060 DPT=5060 LEN=11
Apr 28 20:35:33 voyage3 kernel: [ 397.226419] TRACE: nat:POSTROUTING:rule:2 IN= OUT=wlan1 SRC=10.1.0.3 DST=192.168.1.35 LEN=31 TOS=0x00 PREC=0x60 TTL=63 ID=51546 PROTO=UDP SPT=5060 DPT=5060 LEN=11
On Sat, Apr 28, 2018 at 8:26 PM, Norman Henderson <norm.aud...@gmail.com>
wrote:
> Hi Tom,
> No sign of anything netfilters related in syslog or other log files -
> maybe there is a log setting I am missing? I did run a trace and got the
> following (repeated frequently):
> Apr 28 20:20:06 voyage3 kernel: [264672.580371] TRACE: raw:PREROUTING:policy:13 IN=vlan1 OUT= MAC=78:45:c4:17:55:91:08:00:27:e6:9f:f5:08:00 SRC=10.1.0.3 DST=10.1.0.252 LEN=411 TOS=0x00 PREC=0x60 TTL=64 ID=51087 PROTO=UDP SPT=5060 DPT=5060 LEN=391
> Apr 28 20:20:06 voyage3 kernel: [264672.580399] TRACE: mangle:PREROUTING:policy:1 IN=vlan1 OUT= MAC=78:45:c4:17:55:91:08:00:27:e6:9f:f5:08:00 SRC=10.1.0.3 DST=10.1.0.252 LEN=411 TOS=0x00 PREC=0x60 TTL=64 ID=51087 PROTO=UDP SPT=5060 DPT=5060 LEN=391
> Apr 28 20:20:06 voyage3 kernel: [264672.580423] TRACE: mangle:FORWARD:rule:1 IN=vlan1 OUT=wlan1 MAC=78:45:c4:17:55:91:08:00:27:e6:9f:f5:08:00 SRC=10.1.0.3 DST=192.168.1.35 LEN=411 TOS=0x00 PREC=0x60 TTL=63 ID=51087 PROTO=UDP SPT=5060 DPT=5060 LEN=391
> Apr 28 20:20:06 voyage3 kernel: [264672.580436] TRACE: mangle:FORWARD:policy:2 IN=vlan1 OUT=wlan1 MAC=78:45:c4:17:55:91:08:00:27:e6:9f:f5:08:00 SRC=10.1.0.3 DST=192.168.1.35 LEN=411 TOS=0x00 PREC=0x60 TTL=63 ID=51087 PROTO=UDP SPT=5060 DPT=5060 LEN=391
> Apr 28 20:20:06 voyage3 kernel: [264672.580448] TRACE: filter:FORWARD:rule:1 IN=vlan1 OUT=wlan1 MAC=78:45:c4:17:55:91:08:00:27:e6:9f:f5:08:00 SRC=10.1.0.3 DST=192.168.1.35 LEN=411 TOS=0x00 PREC=0x60 TTL=63 ID=51087 PROTO=UDP SPT=5060 DPT=5060 LEN=391
> Apr 28 20:20:06 voyage3 kernel: [264672.580463] TRACE: filter:clean_frwd:rule:1 IN=vlan1 OUT=wlan1 MAC=78:45:c4:17:55:91:08:00:27:e6:9f:f5:08:00 SRC=10.1.0.3 DST=192.168.1.35 LEN=411 TOS=0x00 PREC=0x60 TTL=63 ID=51087 PROTO=UDP SPT=5060 DPT=5060 LEN=391
> Apr 28 20:20:06 voyage3 kernel: [264672.580477] TRACE: filter:dynamic:return:1 IN=vlan1 OUT=wlan1 MAC=78:45:c4:17:55:91:08:00:27:e6:9f:f5:08:00 SRC=10.1.0.3 DST=192.168.1.35 LEN=411 TOS=0x00 PREC=0x60 TTL=63 ID=51087 PROTO=UDP SPT=5060 DPT=5060 LEN=391
> Apr 28 20:20:06 voyage3 kernel: [264672.580490] TRACE: filter:clean_frwd:rule:5 IN=vlan1 OUT=wlan1 MAC=78:45:c4:17:55:91:08:00:27:e6:9f:f5:08:00 SRC=10.1.0.3 DST=192.168.1.35 LEN=411 TOS=0x00 PREC=0x60 TTL=63 ID=51087 PROTO=UDP SPT=5060 DPT=5060 LEN=391
> Apr 28 20:20:06 voyage3 kernel: [264672.580499] TRACE: mangle:POSTROUTING:policy:1 IN= OUT=wlan1 SRC=10.1.0.3 DST=192.168.1.35 LEN=411 TOS=0x00 PREC=0x60 TTL=63 ID=51087 PROTO=UDP SPT=5060 DPT=5060 LEN=391
>
> Is that any help, or are there other diagnostics I should run?
>
>
>
> On Sat, Apr 28, 2018 at 5:56 PM, Tom Eastep <teas...@shorewall.net> wrote:
>
>> On 04/28/2018 12:24 AM, Norman Henderson wrote:
>> > Thanks again. Attached are 2 dump files. The first, last night, wasn't
>> > immediately after a reboot but it was at a point when the UDP NAT was
>> > working correctly. By this morning UDP NAT was no longer working and I
>> > took the second dump.
>> > Best, Norm
>> Norm,
>>
>> The rulesets in the two dumps are identical. I see the following
>> conntrack table entry, however:
>>
>> udp 17 3599 src=10.1.0.3 dst=10.1.0.252 sport=5060 dport=5060
>> [UNREPLIED] src=192.168.1.35 dst=10.1.0.3 sport=5060 dport=5060 mark=0
>> helper=sip use=1
>>
>> This is an attempt to connect from 10.1.0.3 to 10.1.0.252 which gets
>> correctly forwarded to 192.168.1.35. The source IP, however, has not
>> been changed, just as you report. The next thing to do would be to
>> review the syslog between the times of the two dumps to see if there are
>> any netfilter-related messages.
>>
>> -Tom
>>
>> --
>> Tom Eastep \ Q: What do you get when you cross a mobster with
>> Shoreline, \ an international standard?
>> Washington, USA \ A: Someone who makes you an offer you can't
>> http://shorewall.org \ understand
>> \_______________________________________________
>>
>>
>>
>> ------------------------------------------------------------
>> ------------------
>> Check out the vibrant tech community on one of the world's most
>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>> _______________________________________________
>> Shorewall-users mailing list
>> Shorewall-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>>
>>
>
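
Added example, not part of the original thread and not Shorewall code: the reading of the conntrack entry described in Tom's reply, done by comparing the original tuple with the reply tuple. The function name nat_status and the second entry are constructed for illustration; 192.168.1.40 is the source address the top post says tcpdump shows when NAT works.

```python
import re

# The conntrack entry quoted in the thread (its wrapped lines joined).
THREAD_ENTRY = (
    "udp 17 3599 src=10.1.0.3 dst=10.1.0.252 sport=5060 dport=5060 "
    "[UNREPLIED] src=192.168.1.35 dst=10.1.0.3 sport=5060 dport=5060 mark=0 "
    "helper=sip use=1"
)
# Constructed for comparison: the same flow with SNAT to 192.168.1.40 applied.
CONSTRUCTED_SNAT_ENTRY = THREAD_ENTRY.replace(
    "src=192.168.1.35 dst=10.1.0.3", "src=192.168.1.35 dst=192.168.1.40"
)

TUPLE_RE = re.compile(r"src=(\S+) dst=(\S+) sport=(\d+) dport=(\d+)")


def nat_status(entry):
    """Classify the NAT recorded in one conntrack entry.

    The first tuple is the packet as it arrived (original direction); the
    second is what conntrack expects a reply to look like. Without NAT the
    reply tuple is the original with source and destination swapped, so any
    difference shows which side was rewritten.
    """
    tuples = TUPLE_RE.findall(entry)
    if len(tuples) != 2:
        raise ValueError("expected an original and a reply tuple")
    (o_src, o_dst, o_sport, o_dport), (r_src, r_dst, r_sport, r_dport) = tuples
    return {
        # Reply comes from somewhere other than the original destination.
        "dnat": (r_src, r_sport) != (o_dst, o_dport),
        # Reply is addressed to something other than the original source.
        "snat": (r_dst, r_dport) != (o_src, o_sport),
        "forwarded_to": f"{r_src}:{r_sport}",
        "server_sees_source": f"{r_dst}:{r_dport}",
        "unreplied": "[UNREPLIED]" in entry,
    }


if __name__ == "__main__":
    for label, entry in (("thread", THREAD_ENTRY),
                         ("constructed", CONSTRUCTED_SNAT_ENTRY)):
        print(label, nat_status(entry))
```

For the entry from the thread this reports dnat as true and snat as false, with the server seeing 10.1.0.3:5060 as the source.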