From dolgopolskiy@gefest.ua  Wed Aug 23 12:31:20 2006
Return-Path: <dolgopolskiy@gefest.ua>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 2B9C916A4DE
	for <freebsd-gnats-submit@freebsd.org>; Wed, 23 Aug 2006 12:31:20 +0000 (UTC)
	(envelope-from dolgopolskiy@gefest.ua)
Received: from gefest.ua (relay.gefest.ua [62.221.44.18])
	by mx1.FreeBSD.org (Postfix) with ESMTP id CC86643D72
	for <freebsd-gnats-submit@freebsd.org>; Wed, 23 Aug 2006 12:31:18 +0000 (GMT)
	(envelope-from dolgopolskiy@gefest.ua)
Received: from GefestTalons ([192.168.10.151])
	by gefest.ua (8.13.8/8.13.7) with SMTP id k7NCUjr0032682;
	Wed, 23 Aug 2006 15:30:47 +0300 (EEST)
	(envelope-from dolgopolskiy@gefest.ua)
Message-Id: <000801c6c6b0$cbcc37a0$970aa8c0@GefestTalons>
Date: Wed, 23 Aug 2006 15:36:43 +0300
From: "ЗАО \"Гефест\"" <dolgopolskiy@gefest.ua>
To: "Vadym" <vikulin@unitedthinkers.com>, <freebsd-gnats-submit@freebsd.org>
Subject: Re: conf/102429: FreeBSD 6.1+VPN+ipnat+ipf: port redirection does not work (port mapping)
References: <200608231149.k7NBnvKK061645@www.freebsd.org>

>Number:         102430
>Category:       junk
>Synopsis:       Re: conf/102429: FreeBSD 6.1+VPN+ipnat+i
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    linimon
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Aug 23 12:40:23 GMT 2006
>Closed-Date:    Wed Aug 23 16:34:14 GMT 2006
>Last-Modified:  Wed Aug 23 16:34:14 GMT 2006
>Originator:     
>Release:        
>Organization:
>Environment:
>Description:
     ???
 ----- Original Message -----
 From: "Vadym" <vikulin@unitedthinkers.com>
 To: <freebsd-gnats-submit@freebsd.org>
 Sent: Wednesday, August 23, 2006 2:49 PM
 Subject: conf/102429: FreeBSD 6.1+VPN+ipnat+ipf:   (portmapping)
 
 
 >
 > >Number:         102429
 > >Category:       conf
 > >Synopsis:       FreeBSD 6.1+VPN+ipnat+ipf:   (portmapping)
 > >Confidential:   no
 > >Severity:       serious
 > >Priority:       high
 > >Responsible:    freebsd-bugs
 > >State:          open
 > >Quarter:
 > >Keywords:
 > >Date-Required:
 > >Class:          sw-bug
 > >Submitter-Id:   current-users
 > >Arrival-Date:   Wed Aug 23 11:50:19 GMT 2006
 > >Closed-Date:
 > >Last-Modified:
 > >Originator:     Vadym
 > >Release:        6.1
 > >Organization:
 > United Thinkers
 > >Environment:
 > FreeBS.6.1-RELEASE FreeBSD 6/1 -RELEASE #0: Thu Jan 6 07:14:37 UTC 2000 root@FreeBSD.:/usr/src/sys/i386/compile/kernel_08_12_2006 I386
 > >Description:
 >   FreeBSD      192.168.0..
 >       (IP : 192.168.25.135).
 >  -    (IP: 192.168.0.1).
 >      VPN   192.168.25.135  VPN
  192.168.25.1 (PPTP ). NAT   ipnat c ipf
 >   :
 >                                   21  80
     192.168.0.5.
 > >How-To-Repeat:
 >    :
 >   VPN   tun0 c  IP: 195.39.x.x
 >
 > ifconfig  
 >
 > ____________________________________________________________________________
 >
 > rl0: 192.168.0.1/24 active
 > rl1: 192.168.25.135/24 active
 > tun0:195.39.x.x->10.100.101.1
 > ping   -  
 >
 > rc.conf
 >
 > ____________________________________________________________________________
 >
 > hostname=FreeBS.
 > nisdomainname="NO"
 > dhclient_program="/sbin/dhclient"
 > dhclient_flags=""
 > background_dhclient="NO"
 > firewall_enable="NO"
 > firewall_script="/etc/rc.firewall"
 > firewall_type="/etc/firewall.conf"
 > firewall_quiet="NO"
 > firewall_logging="NO"
 > firewall_flags=""
 > ip_portrange_first="NO"
 > ip_portrange_last="NO"
 > ike_enable="NO"
 > ike_program="/usr/local/sbin/isakmpd"
 > ike_flags=""
 > ipsec_enable="NO"
 > ipsec_file="/etc/ipsec.conf"
 > natd_program="/sbin/natd"
 > natd_enable="NO"
 > #natd_interface="rl1"
 > #natd_flags="-redirect_port tcp 192.168.0.5:21 21"
 > #natd_flags="-a 192.168.25.1"
 > #natd_flags="-f /etc/natd.conf"
 > ipfilter_enable="YES"
 > ipfilter_program="/sbin/ipf"
 > ipfilter_rules="/etc/ipf.rules"
 >
 > ipfilter_flags=""
 > ipnat_enable="YES"
 > ipnat_program="/sbin/ipnat"
 > ipnat_rules="/etc/ipnat.rules"
 > ipnat_flags=""
 > ipmon_enable="YES"
 > ipmon_program="/sbin/ipmon"
 > ipmon_flags="-Ds"
 > ipfs_enable="YES"
 >
 > ipfs_program="/sbin/ipfs"
 > ipfs_flags=""
 > pf_enable="NO"
 > pf_rules="/etc/pf.conf"
 > pf_program="/sbin/pfctl"
 > pf_flags=""
 > pflog_enable="NO"
 > pflog_logfile="/var/log/pflog"
 > pflog_program="/sbin/pflogd"
 > pflog_flags=""
 > pfsync_enable="NO"
 > pfsync_syncdev=""
 > pfsync_ifconfig=""
 > tcp_extensions="YES"
 > log_in_vain="0"
 > tcp_keepalive="YES"
 >
 > tcp_drop_synfin="NO"
 >
 > icmp_drop_redirect="YES"
 > icmp_log_redirect="YES"
 > network_interfaces="rl0 rl1 tun0 ng0"
 > cloned_interfaces=""
 > sppp_interfaces=""
 > gif_interfaces="NO"
 >
 > ppp_enable="NO"
 > ppp_program="/usr/sbin/ppp"
 > ppp_mode="auto"
 >
 > ppp_nat="YES"
 > ppp_profile="papchap"
 > ppp_user="root"
 > hostapd_enable="NO"
 > syslogd_enable="YES"
 > syslogd_program="/usr/sbin/syslogd"
 > syslogd_flags="-s"
 > inetd_enable="NO"
 > inetd_program="/usr/sbin/inetd"
 > inetd_flags="-wW -C 60"
 > #
 > # named.  It may be possible to run named in a sandbox, man security for
 > # details.
 > #
 > named_enable="NO"
 > named_program="/usr/sbin/named"
 > #named_flags=""
 > named_pidfile="/var/run/named/pid"
 > named_uid="bind"
 > named_chrootdir="/var/named"
 > named_chroot_autoupdate="YES"
 >
 > named_symlink_enable="YES"
 >
 > defaultrouter=192.168.25.1
 > static_routes=""
 > natm_static_routes=""
 > gateway_enable="YES"
 > router_enable="NO"
 > router="/sbin/routed"
 > router_flags="-q"
 > mrouted_enable="NO"
 > mrouted_flags=""
 > ipxgateway_enable="NO"
 > ipxrouted_enable="NO"
 > ipxrouted_flags=""
 > arpproxy_all="NO"
 > forward_sourceroute="NO"
 > accept_sourceroute="NO"
 >
 > ### Miscellaneous network options: ###
 > icmp_bmcastecho="NO"
 > if [ -z "${source_rc_confs_defined}" ]; then
 > source_rc_confs_defined=yes
 > source_rc_confs () {
 > local i sourced_files
 > for i in ${rc_conf_files}; do
 > case ${sourced_files} in
 > *:$i:*)
 > ;;
 > *)
 > sourced_files="${sourced_files}:$i:"
 > if [ -r $i ]; then
 > . $i
 > fi
 > ;;
 > esac
 > done
 > }
 > fi
 > ifconfig_rl0="inet 192.168.0.1 netmask 0xffffff00"
 > ifconfig_rl1="inet 192.168.25.135 netmask 0xffffff00"
 > ifconfig_lo0="inet 127.0.0.1"
 >
 > ____________________________________________________________________________
 > ppp.conf
 >
 > ____________________________________________________________________________
 >
 > vpn:
 >  dns enable
 >  nat enable yes
 >  set authname nikolay
 >  set authkey 911
 >  set timeout 0
 >  set ifaddr 0 0
 >  add default HISADDR
 >
 > ____________________________________________________________________________
 > ipnat.rules
 >
 > ____________________________________________________________________________
 >
 > rdr tun0 195.39.253.24/32 port 21 -> 192.168.0.5 port 21
 > rdr tun0 195.39.253.24/32 port 80 -> 192.168.0.5 port 80
 > map tun0 192.168.0.0/24 -> 195.39.253.24/32 proxy port ftp ftp/tcp
 > map tun0 192.168.0.0/24 -> 195.39.253.24/32 portmap tcp/udp 10000:60000
 > map tun0 192.168.0.0/24 -> 195.39.253.24/32
 >
 > ____________________________________________________________________________
 > ipf.rules
 >
 > ____________________________________________________________________________
 >
 > pass in all
 > pass out all
 >
 > ____________________________________________________________________________
 >    ftp (192.168.0.5)   21
 > tcpdump rl0  :
 >
 > ____________________________________________________________________________
 >
 > 08:38:19 3528202 arp who-has 192.168.0.1 tell 192.168.0.5
 > 352829 arp replay 192.168.0.1 is-at 00:02:44:66:05:a1 (oi Unknown)
 > 352925 IP 192.168.0.5.4332 > 195.39.253.24.ftp: S 2706215230:2706215230 (0) win 65535 <msss 1460,nop, nop, sack Ok>
 > 352969 IP 195.39.x.x.ftp: > 192.168.0.5.4332: R 0:0(0) ack 2706215231 win 0
 > 813373 IP 192.168.0.5.4332 > 195.39.x.x.ftp : S 2706215230:2706215230 (0) win 65535 <mss 1460, nop, nop,sackOk>
 > 813400 IP 195.39.x.x.ftp > 192.168.0.5.4332 : R 0:0(0) ack 1 win 0
 > 316291 IP 192.168.0.5.4332 > 195.39.x.x.ftp : S 2706215230:2706215230 (0) win 65535 <mss 1460, nop, nop, sackOk>
 > 316324 IP 195.39.x.x.ftp > 192.168.0.5.4332 : R 0:0(0) ack 1 win 0
 >
 > ____________________________________________________________________________
 >
 >     80.
 > >Fix:
 >  
 > >Release-Note:
 > >Audit-Trail:
 > >Unformatted:
 > _______________________________________________
 > freebsd-bugs@freebsd.org mailing list
 > http://lists.freebsd.org/mailman/listinfo/freebsd-bugs
 > To unsubscribe, send any mail to "freebsd-bugs-unsubscribe@freebsd.org"
 
>How-To-Repeat:
>Fix:
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: linimon 
State-Changed-When: Wed Aug 23 16:33:10 UTC 2006 
State-Changed-Why:  
This reply is misformatted and I can't understand to what PR it is trying 
to follow-up. 


Responsible-Changed-From-To: gnats-admin->linimon 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Wed Aug 23 16:33:10 UTC 2006 
Responsible-Changed-Why:  

http://www.freebsd.org/cgi/query-pr.cgi?pr=102430 
>Unformatted:
 	pf: port redirection does not work (port
 	mapping)
