From nobody@FreeBSD.ORG Tue May 18 12:10:04 1999
Return-Path: <nobody@FreeBSD.ORG>
Received: by hub.freebsd.org (Postfix, from userid 32767)
	id 52587150E6; Tue, 18 May 1999 12:10:04 -0700 (PDT)
Message-Id: <19990518191004.52587150E6@hub.freebsd.org>
Date: Tue, 18 May 1999 12:10:04 -0700 (PDT)
From: mitch@hardwarestreet.com
Sender: nobody@FreeBSD.ORG
To: freebsd-gnats-submit@freebsd.org
Subject: Can not traceroute through ipnat.
X-Send-Pr-Version: www-1.0

>Number:         11766
>Category:       kern
>Synopsis:       Can not traceroute through ipnat.
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    darrenr
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue May 18 12:20:01 PDT 1999
>Closed-Date:    Wed Feb 21 13:26:38 PST 2001
>Last-Modified:  Wed Feb 21 13:26:54 PST 2001
>Originator:     Mitch Wright
>Release:        FreeBSD 3.1-RELEASE #0
>Organization:
HardwareStreet.com
>Environment:
bash-2.02# uname -a
FreeBSD bc.internetstreet.net 3.1-RELEASE FreeBSD 3.1-RELEASE #0: Sun Mar 28 09:54:29 PST 1999     mitch@bc.netline.com:/usr/src/sys/compile/BC  i386
>Description:
I have enabled the IPFILTER options in the kernel and am making use of ipnat.  Most things work as expected; however, traceroute does not.
It simply times out after hitting the NAT box and goes no further.

I've cvsup'd the latest sources, but that hasn't seemed to help.
>How-To-Repeat:
The obvious.... enable IPFILTER in your kernel and set up ipnat.
The rules I am using are quite simple..

map fxp1 10.20.30.0/24 -> 207.20.86.209/32 portmap tcp/udp 10000:65000
map fxp1 10.20.30.0/24 -> 207.20.86.209/32
#
map fxp1 10.20.30.0/24 -> 207.20.86.209/32 proxy port ftp ftp/tcp

>Fix:
Well... I think it is simply a matter of updating the version of
ipfilter being used.  A similar (same?) bug is mentioned in the HISTORY
file of the latest ipfilter (3.2.10).

>Release-Note:
>Audit-Trail:

From: Bill Fumerola <billf@jade.chc-chimes.com>
To: mitch@hardwarestreet.com
Cc: freebsd-gnats-submit@FreeBSD.ORG
Subject: Re: kern/11766: Can not traceroute through ipnat.
Date: Tue, 18 May 1999 15:40:58 -0400 (EDT)

 On Tue, 18 May 1999 mitch@hardwarestreet.com wrote:
 
 > Well... I think it is simply a matter of updating the version of
 > ipfilter being used.  A similar (same?) bug is mentioned in the HISTORY
 > file of the latest ipfilter (3.2.10).  
 
 Hmmm.. this seems to have suffered from bitrot, maybe it's time for me to
 learn 'cvs import' better.
 
 - bill fumerola - billf@chc-chimes.com - BF1560 - computer horizons corp -
 - ph:(800) 252-2421 - bfumerol@computerhorizons.com - billf@FreeBSD.org  -
 
 
 
 

From: mitch@hardwarestreet.com
To: freebsd-gnats-submit@freebsd.org
Cc:  
Subject: Re: kern/11766: Can not traceroute through ipnat.
Date: Thu, 3 Jun 1999 14:32:23 -0700 (PDT)

 I've looked at the FreeBSD 3.2 and the older release of ipfilter still
 seems to be what the kernel is being built with.  That release, which
 is in /usr/src/contrib, is quite old and has a number of bugs including
 the one which I am reporting in kern/11766.
 
 Are there plans to integrate the current ipfilter release into FreeBSD
 like this older one has been?  Is there someone already responsible for
 doing this?  If not, I could possibly see if I can get it into my current
 schedule...
 
   ~mitch
 
 
 /* gnats-admin@freebsd.org [gnats-admin@freebsd.org] writes: */
 
 >Thank you very much for your problem report.
 >It has the internal identification `kern/11766'.
 >The individual assigned to look at your
 >report is: freebsd-bugs. 
 >
 >>Category:       kern
 >>Responsible:    freebsd-bugs
 >>Synopsis:       Can not traceroute through ipnat.
 >>Arrival-Date:   Tue May 18 12:20:01 PDT 1999
 >
 
State-Changed-From-To: open->feedback 
State-Changed-By: darrenr 
State-Changed-When: Thu May 25 12:54:52 PDT 2000 
State-Changed-Why:  
Please test drive this with the current version of IP FIlter now in the 
FreeBSD tree.  I believe this problem to be licked. 
Responsible-Changed-From-To: freebsd-bugs->darrenr 
Responsible-Changed-By: darrenr 
Responsible-Changed-When: Sun Sep 17 01:39:02 PDT 2000 
Responsible-Changed-Why:  
darrenr is responsible 

http://www.freebsd.org/cgi/query-pr.cgi?pr=11766 

From: Darren Reed <darrenr@pobox.com>
To: freebsd-gnats-submit@FreeBSD.org, mitch@hardwarestreet.com
Cc:  
Subject: Re: kern/11766: Can not traceroute through ipnat.
Date: Sun, 17 Sep 2000 19:50:51 +1100

 Mitch,
          Whilst this hasn't been fixed back in FreeBSD 3.X, this should
 not be a problem
 if you upgrade either IP Filter or FreeBSD.  If I hear nothing more from
 you on this over
 the next week or so, I'll close this.
 
 
 
State-Changed-From-To: feedback->closed 
State-Changed-By: darrenr 
State-Changed-When: Wed Feb 21 13:26:38 PST 2001 
State-Changed-Why:  
recent imports have addressed this problem 

http://www.freebsd.org/cgi/query-pr.cgi?pr=11766 
>Unformatted:
