From nobody@FreeBSD.org  Wed Aug 23 11:49:58 2006
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 7A58816A4DF
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 23 Aug 2006 11:49:58 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [216.136.204.117])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 1026C43D46
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 23 Aug 2006 11:49:58 +0000 (GMT)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.13.1/8.13.1) with ESMTP id k7NBnvUk061647
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 23 Aug 2006 11:49:57 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.13.1/8.13.1/Submit) id k7NBnvKK061645;
	Wed, 23 Aug 2006 11:49:57 GMT
	(envelope-from nobody)
Message-Id: <200608231149.k7NBnvKK061645@www.freebsd.org>
Date: Wed, 23 Aug 2006 11:49:57 GMT
From: Vadym <vikulin@unitedthinkers.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: FreeBSD 6.1+VPN+ipnat+ipf:     (portmapping)
X-Send-Pr-Version: www-2.3

>Number:         102429
>Category:       conf
>Synopsis:       FreeBSD 6.1+VPN+ipnat+ipf:     (portmapping)
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Aug 23 11:50:19 GMT 2006
>Closed-Date:    Mon Jul 16 13:13:09 GMT 2007
>Last-Modified:  Mon Jul 16 13:13:09 GMT 2007
>Originator:     Vadym
>Release:        6.1
>Organization:
United Thinkers
>Environment:
FreeBS. 6.1-RELEASE FreeBSD 6.1-RELEASE #0: Thu Jan 6 07:14:37 UTC 2000 root@FreeBS.:/usr/src/sys/i386/compile/kernel_08_12_2006 i386
>Description:
  FreeBSD      192.168.0.x
      (IP: 192.168.25.135).
 -    (IP: 192.168.0.1).
     VPN   192.168.25.135  VPN  192.168.25.1 (PPTP). NAT   ipnat with ipf
  :
                                   21 and 80     192.168.0.5.
>How-To-Repeat:
   :
   VPN   tun0 with  IP: 195.39.x.x

ifconfig  
__________________________________________________________________________________________________________________

rl0: 192.168.0.1/24 active
rl1: 192.168.25.135/24 active
tun0: 195.39.x.x -> 10.100.101.1
ping   -  

rc.conf
__________________________________________________________________________________________________________________

hostname=FreeBS.			
nisdomainname="NO"		
dhclient_program="/sbin/dhclient"	
dhclient_flags=""		
background_dhclient="NO"	
firewall_enable="NO"		
firewall_script="/etc/rc.firewall" 
firewall_type="/etc/firewall.conf"
firewall_quiet="NO"		
firewall_logging="NO"	
firewall_flags=""		
ip_portrange_first="NO"	
ip_portrange_last="NO"	
ike_enable="NO"		
ike_program="/usr/local/sbin/isakmpd"
ike_flags=""			
ipsec_enable="NO"		
ipsec_file="/etc/ipsec.conf"	
natd_program="/sbin/natd"	
natd_enable="NO"		
#natd_interface="rl1"	
#natd_flags="-redirect_port tcp 192.168.0.5:21 21"
#natd_flags="-a 192.168.25.1"
#natd_flags="-f /etc/natd.conf"
ipfilter_enable="YES"	
ipfilter_program="/sbin/ipf"	
ipfilter_rules="/etc/ipf.rules"	
			
ipfilter_flags=""		
ipnat_enable="YES"	
ipnat_program="/sbin/ipnat"	
ipnat_rules="/etc/ipnat.rules"
ipnat_flags=""		
ipmon_enable="YES"	
ipmon_program="/sbin/ipmon"
ipmon_flags="-Ds"		
ipfs_enable="YES"		
			
ipfs_program="/sbin/ipfs"	
ipfs_flags=""		
pf_enable="NO"		
pf_rules="/etc/pf.conf"	
pf_program="/sbin/pfctl"	
pf_flags=""		
pflog_enable="NO"		
pflog_logfile="/var/log/pflog"	
pflog_program="/sbin/pflogd"	
pflog_flags=""		
pfsync_enable="NO"	
pfsync_syncdev=""		
pfsync_ifconfig=""		
tcp_extensions="YES"	
log_in_vain="0"		
tcp_keepalive="YES"	

tcp_drop_synfin="NO"		
				
icmp_drop_redirect="YES" 	
icmp_log_redirect="YES"	
network_interfaces="rl0 rl1 tun0 ng0"	
cloned_interfaces=""		
sppp_interfaces=""		
gif_interfaces="NO"	

ppp_enable="NO"		
ppp_program="/usr/sbin/ppp"	
ppp_mode="auto"		
			
ppp_nat="YES"		
ppp_profile="papchap"	
ppp_user="root"		
hostapd_enable="NO"		
syslogd_enable="YES"		
syslogd_program="/usr/sbin/syslogd" 
syslogd_flags="-s"		
inetd_enable="NO"		
inetd_program="/usr/sbin/inetd"
inetd_flags="-wW -C 60"	
#
# named.  It may be possible to run named in a sandbox, man security for
# details.
#
named_enable="NO"		
named_program="/usr/sbin/named"	
#named_flags="" 		
named_pidfile="/var/run/named/pid"
named_uid="bind" 		
named_chrootdir="/var/named"
named_chroot_autoupdate="YES"
			
named_symlink_enable="YES"	

defaultrouter=192.168.25.1		
static_routes=""		
natm_static_routes=""	
gateway_enable="YES"	
router_enable="NO"	
router="/sbin/routed"	
router_flags="-q"		
mrouted_enable="NO"	
mrouted_flags=""		
ipxgateway_enable="NO"	
ipxrouted_enable="NO"	
ipxrouted_flags=""		
arpproxy_all="NO"		
forward_sourceroute="NO"	
accept_sourceroute="NO"	

### Miscellaneous network options: ###
icmp_bmcastecho="NO"	
if [ -z "${source_rc_confs_defined}" ]; then
	source_rc_confs_defined=yes
	source_rc_confs () {
		local i sourced_files
		for i in ${rc_conf_files}; do
			case ${sourced_files} in
			*:$i:*)
				;;
			*)
				sourced_files="${sourced_files}:$i:"
				if [ -r $i ]; then
					. $i
				fi
				;;
			esac
		done
	}
fi
ifconfig_rl0="inet 192.168.0.1 netmask 0xffffff00"
ifconfig_rl1="inet 192.168.25.135 netmask 0xffffff00"
ifconfig_lo0="inet 127.0.0.1"
__________________________________________________________________________________________________________________
ppp.conf
__________________________________________________________________________________________________________________

vpn:
 dns enable
 nat enable yes
 set authname nikolay
 set authkey 911
 set timeout 0
 set ifaddr 0 0
 add default HISADDR
__________________________________________________________________________________________________________________
ipnat.rules
__________________________________________________________________________________________________________________

rdr tun0 195.39.253.24/32 port 21 -> 192.168.0.5 port 21
rdr tun0 195.39.253.24/32 port 80 -> 192.168.0.5 port 80
map tun0 192.168.0.0/24 -> 195.39.253.24/32 proxy port ftp ftp/tcp
map tun0 192.168.0.0/24 -> 195.39.253.24/32 portmap tcp/udp 10000:60000
map tun0 192.168.0.0/24 -> 195.39.253.24/32
__________________________________________________________________________________________________________________
ipf.rules
__________________________________________________________________________________________________________________

pass in all
pass out all
__________________________________________________________________________________________________________________
   ftp (192.168.0.5)   21
tcpdump rl0  :
__________________________________________________________________________________________________________________

08:38:19 3528202 arp who-has 192.168.0.1 tell 192.168.0.5
352829 arp reply 192.168.0.1 is-at 00:02:44:66:05:a1 (oui Unknown)
352925 IP 192.168.0.5.4332 > 195.39.253.24.ftp: S 2706215230:2706215230(0) win 65535 <mss 1460,nop,nop,sackOK>
352969 IP 195.39.x.x.ftp > 192.168.0.5.4332: R 0:0(0) ack 2706215231 win 0
813373 IP 192.168.0.5.4332 > 195.39.x.x.ftp: S 2706215230:2706215230(0) win 65535 <mss 1460,nop,nop,sackOK>
813400 IP 195.39.x.x.ftp > 192.168.0.5.4332: R 0:0(0) ack 1 win 0
316291 IP 192.168.0.5.4332 > 195.39.x.x.ftp: S 2706215230:2706215230(0) win 65535 <mss 1460,nop,nop,sackOK>
316324 IP 195.39.x.x.ftp > 192.168.0.5.4332: R 0:0(0) ack 1 win 0
__________________________________________________________________________________________________________________

    80.
>Fix:
 
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->feedback 
State-Changed-By: gavin 
State-Changed-When: Wed Jun 13 22:25:18 UTC 2007 
State-Changed-Why:  

To submitter:  Please, if possible, submit your problem report 
in English.  If not possible, you will probably have more luck 
with one of the FreeBSD mailing lists in your own language, see 
http://www.freebsd.org/community/mailinglists.html 

http://www.freebsd.org/cgi/query-pr.cgi?pr=102429 
State-Changed-From-To: feedback->closed 
State-Changed-By: gavin 
State-Changed-When: Mon Jul 16 13:11:35 UTC 2007 
State-Changed-Why:  
Feedback timeout (1 month).  To submitter:  If this is still a problem, 
please try to summarise your problem in English, or ask on a mailing 
list in your native language.  Thanks! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=102429 
>Unformatted:
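Editor's note with an added example (not part of the PR, not FreeBSD code). The capture on rl0 shows the LAN host 192.168.0.5 itself opening a connection to the VPN address 195.39.253.24, and the RST coming back from that same address. An ipnat `rdr` rule bound to tun0 only rewrites packets that arrive inbound on tun0; a packet entering on rl0 is never redirected, so it is delivered to the gateway's own TCP stack, which answers with a RST when nothing listens on that port. The PR never shows a test from an outside client, so whether the forwards work for Internet clients cannot be read off the page. The model below encodes that rdr/map semantics against the PR's topology, walks the first packet of the flows involved, and adds a hypothetical hairpin ruleset (an `rdr` on rl0 plus a `map` on rl0 back to 192.168.0.1, both assumptions of this example) to show what changes. Three caveats a practitioner should also weigh from the posted configuration: ppp.conf enables ppp's own NAT (`nat enable yes`) next to ipnat, so LAN traffic crosses two translators; ipf.rules is `pass in all` / `pass out all`, so the redirected ports 21 and 80 reach 192.168.0.5 with no filtering; and a PPTP username and password appear in this public report. The 203.0.113.0/24 and 198.51.100.0/24 addresses used as test endpoints are documentation ranges chosen here, not addresses from the PR.

```python
"""Model of how IPFilter's ipnat evaluates rdr/map rules on the PR's gateway.

Added example (not from the submitter or from FreeBSD). Only the ipnat semantics
needed here are modelled: rdr rewrites the destination of packets ARRIVING on the
named interface, map rewrites the source of packets LEAVING it. The state table,
portmap ranges and the FTP proxy are simplified away; ppp's own NAT is not modelled.
"""
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

# Topology from the PR's ifconfig/rc.conf output.
GATEWAY_ADDRS = {"192.168.0.1", "192.168.25.135", "195.39.253.24"}
ROUTES = [("192.168.0.0/24", "rl0"), ("192.168.25.0/24", "rl1")]
DEFAULT_IFACE = "tun0"  # "add default HISADDR" in ppp.conf


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"


@dataclass(frozen=True)
class Rdr:
    """rdr <iface> <dst-net> port <p> -> <new-dst> port <q> <proto>"""
    iface: str
    dst_net: str
    dport: int
    new_dst: str
    new_dport: int
    proto: str = "tcp"


@dataclass(frozen=True)
class Map:
    """map <iface> <src-net> -> <new-src>/32 (portmap/proxy options ignored here)"""
    iface: str
    src_net: str
    new_src: str


def egress_iface(dst: str) -> str:
    """Pick the outgoing interface from the gateway's routing table."""
    for net, iface in ROUTES:
        if ip_address(dst) in ip_network(net):
            return iface
    return DEFAULT_IFACE


def nat_in(rules, iface: str, pkt: Packet) -> Packet:
    """Apply the first rdr whose interface, protocol, destination and port match."""
    for r in rules:
        if (isinstance(r, Rdr) and r.iface == iface and r.proto == pkt.proto
                and ip_address(pkt.dst) in ip_network(r.dst_net) and pkt.dport == r.dport):
            return replace(pkt, dst=r.new_dst, dport=r.new_dport)
    return pkt


def nat_out(rules, iface: str, pkt: Packet) -> Packet:
    """Apply the first map whose interface and source network match."""
    for r in rules:
        if isinstance(r, Map) and r.iface == iface and ip_address(pkt.src) in ip_network(r.src_net):
            return replace(pkt, src=r.new_src)
    return pkt


def trace(rules, in_iface: str, pkt: Packet):
    """Follow the first packet of a flow through the gateway.

    Returns ("local", pkt) when the gateway's own stack must answer (the RST case
    in the PR's tcpdump), or ("forward", out_iface, pkt) with the packet as it leaves.
    """
    pkt = nat_in(rules, in_iface, pkt)
    if pkt.dst in GATEWAY_ADDRS:
        return ("local", pkt)
    out = egress_iface(pkt.dst)
    return ("forward", out, nat_out(rules, out, pkt))


# The PR's ipnat.rules, with its three tun0 map rules collapsed into one.
PR_RULES = [
    Rdr("tun0", "195.39.253.24/32", 21, "192.168.0.5", 21),
    Rdr("tun0", "195.39.253.24/32", 80, "192.168.0.5", 80),
    Map("tun0", "192.168.0.0/24", "195.39.253.24"),
]

# Hypothetical hairpin additions (assumption of this example): redirect on the LAN
# interface too, and source-map the redirected packet to the gateway so the server's
# reply comes back through the NAT state instead of straight to the LAN client.
HAIRPIN_RULES = PR_RULES + [
    Rdr("rl0", "195.39.253.24/32", 21, "192.168.0.5", 21),
    Rdr("rl0", "195.39.253.24/32", 80, "192.168.0.5", 80),
    Map("rl0", "192.168.0.0/24", "192.168.0.1"),
]

# Constructed flows; 203.0.113.7 and 198.51.100.9 are documentation addresses.
INTERNET_CLIENT = Packet("203.0.113.7", 40000, "195.39.253.24", 21)
LAN_TO_VPN_ADDR = Packet("192.168.0.5", 4332, "195.39.253.24", 21)  # the SYN in the PR's capture
LAN_TO_INTERNET = Packet("192.168.0.5", 4333, "198.51.100.9", 80)

if __name__ == "__main__":
    for label, rules, iface, pkt in [
        ("internet client -> :21, PR rules", PR_RULES, "tun0", INTERNET_CLIENT),
        ("LAN host -> VPN addr :21, PR rules", PR_RULES, "rl0", LAN_TO_VPN_ADDR),
        ("LAN host -> VPN addr :21, hairpin", HAIRPIN_RULES, "rl0", LAN_TO_VPN_ADDR),
        ("LAN host -> internet :80, PR rules", PR_RULES, "rl0", LAN_TO_INTERNET),
    ]:
        print(f"{label}: {trace(rules, iface, pkt)}")
```

With the PR's rules the LAN-originated SYN is classified "local": it is handed to the gateway itself, which matches the RST from 195.39.x.x in the capture, while the same SYN from an outside client on tun0 is forwarded to 192.168.0.5. The hairpin variant turns the LAN case into a forward on rl0 with the source rewritten to 192.168.0.1; without that `map`, 192.168.0.5 would reply directly to 192.168.0.5's own address-space peer and the client would see a reply from the wrong source. Whether the forwards work for real Internet clients still has to be tested from outside, which the PR does not show.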
