From nobody@FreeBSD.org  Sat May 28 11:20:43 2011
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 71E61106566B
	for <freebsd-gnats-submit@FreeBSD.org>; Sat, 28 May 2011 11:20:43 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from red.freebsd.org (red.freebsd.org [IPv6:2001:4f8:fff6::22])
	by mx1.freebsd.org (Postfix) with ESMTP id 609D58FC17
	for <freebsd-gnats-submit@FreeBSD.org>; Sat, 28 May 2011 11:20:43 +0000 (UTC)
Received: from red.freebsd.org (localhost [127.0.0.1])
	by red.freebsd.org (8.14.4/8.14.4) with ESMTP id p4SBKg0w021364
	for <freebsd-gnats-submit@FreeBSD.org>; Sat, 28 May 2011 11:20:42 GMT
	(envelope-from nobody@red.freebsd.org)
Received: (from nobody@localhost)
	by red.freebsd.org (8.14.4/8.14.4/Submit) id p4SBKgVQ021363;
	Sat, 28 May 2011 11:20:42 GMT
	(envelope-from nobody)
Message-Id: <201105281120.p4SBKgVQ021363@red.freebsd.org>
Date: Sat, 28 May 2011 11:20:42 GMT
From: Eugen Konkov <kes-kes@yandex.ru>
To: freebsd-gnats-submit@FreeBSD.org
Subject: mtr does not work if I use ipfw nat
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         157379
>Category:       kern
>Synopsis:       [ipfw] mtr does not work if I use ipfw nat
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-ipfw
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat May 28 11:30:08 UTC 2011
>Closed-Date:    Thu Jul 07 09:44:30 UTC 2011
>Last-Modified:  Thu Jul  7 09:50:13 UTC 2011
>Originator:     Eugen Konkov
>Release:        9.0-CURRENT
>Organization:
ISP FreeLine
>Environment:
uname -a
FreeBSD bor 9.0-CURRENT FreeBSD 9.0-CURRENT #1: Wed Feb 23 09:39:22 UTC 2011     @:/usr/obj/usr/src/sys/KES_KERN_v9  i386

>Description:
mtr 213.180.204.3
mtr 94.100.191.203
while doing mtr on other session do tcpdump:
listening on vlan407, link-type EN10MB (Ethernet), capture size 65535 bytes
13:15:22.791802 IP 77.93.52.4 > 213.180.204.3: ICMP echo request, id 55338, seq 59520, length 44
        0x0000:  0015 17bc 8cb2 001c c0c8 5a4e 0800 4500  ..........ZN..E.
        0x0010:  0040 fe72 0000 0101 9831 4d5d 3404 d5b4  .@.r.....1M]4...
        0x0020:  cc03 0800 3754 d82a e880 0000 0000 0000  ....7T.*........
        0x0030:  0000 0000 0000 0000 0000 0000 0000 0000  ................
        0x0040:  0000 0000 0000 0000 0000 0000 0000       ..............
13:15:22.892287 IP 77.93.52.4 > 213.180.204.3: ICMP echo request, id 55338, seq 59776, length 44
        0x0000:  0015 17bc 8cb2 001c c0c8 5a4e 0800 4500  ..........ZN..E.
        0x0010:  0040 fe75 0000 0201 972e 4d5d 3404 d5b4  .@.u......M]4...
        0x0020:  cc03 0800 3654 d82a e980 0000 0000 0000  ....6T.*........
        0x0030:  0000 0000 0000 0000 0000 0000 0000 0000  ................
        0x0040:  0000 0000 0000 0000 0000 0000 0000       ..............
13:15:22.992803 IP 77.93.52.4 > 213.180.204.3: ICMP echo request, id 55338, seq 60032, length 44
        0x0000:  0015 17bc 8cb2 001c c0c8 5a4e 0800 4500  ..........ZN..E.
        0x0010:  0040 fe7c 0000 0301 9627 4d5d 3404 d5b4  .@.|.....'M]4...
        0x0020:  cc03 0800 3554 d82a ea80 0000 0000 0000  ....5T.*........
        0x0030:  0000 0000 0000 0000 0000 0000 0000 0000  ................
        0x0040:  0000 0000 0000 0000 0000 0000 0000       ..............
13:15:23.093404 IP 77.93.52.4 > 213.180.204.3: ICMP echo request, id 55338, seq 60288, length 44
        0x0000:  0015 17bc 8cb2 001c c0c8 5a4e 0800 4500  ..........ZN..E.
        0x0010:  0040 fe7f 0000 0401 9524 4d5d 3404 d5b4  .@.......$M]4...
        0x0020:  cc03 0800 3454 d82a eb80 0000 0000 0000  ....4T.*........
        0x0030:  0000 0000 0000 0000 0000 0000 0000 0000  ................
        0x0040:  0000 0000 0000 0000 0000 0000 0000       ..............
13:15:23.193854 IP 77.93.52.4 > 213.180.204.3: ICMP echo request, id 55338, seq 60544, length 44
        0x0000:  0015 17bc 8cb2 001c c0c8 5a4e 0800 4500  ..........ZN..E.
        0x0010:  0040 fe85 0000 0501 941e 4d5d 3404 d5b4  .@........M]4...
        0x0020:  cc03 0800 3354 d82a ec80 0000 0000 0000  ....3T.*........
        0x0030:  0000 0000 0000 0000 0000 0000 0000 0000  ................
        0x0040:  0000 0000 0000 0000 0000 0000 0000       ..............
13:15:23.294431 IP 77.93.52.4 > 213.180.204.3: ICMP echo request, id 55338, seq 60800, length 44
        0x0000:  0015 17bc 8cb2 001c c0c8 5a4e 0800 4500  ..........ZN..E.
        0x0010:  0040 fe89 0000 0601 931a 4d5d 3404 d5b4  .@........M]4...
        0x0020:  cc03 0800 3254 d82a ed80 0000 0000 0000  ....2T.*........
        0x0030:  0000 0000 0000 0000 0000 0000 0000 0000  ................
        0x0040:  0000 0000 0000 0000 0000 0000 0000       ..............
13:15:23.394907 IP 77.93.52.4 > 213.180.204.3: ICMP echo request, id 55338, seq 61056, length 44
        0x0000:  0015 17bc 8cb2 001c c0c8 5a4e 0800 4500  ..........ZN..E.
        0x0010:  0040 fe8e 0000 0701 9215 4d5d 3404 d5b4  .@........M]4...
        0x0020:  cc03 0800 3154 d82a ee80 0000 0000 0000  ....1T.*........
        0x0030:  0000 0000 0000 0000 0000 0000 0000 0000  ................
        0x0040:  0000 0000 0000 0000 0000 0000 0000       ..............
13:15:23.538341 IP 77.93.52.4 > 213.180.204.3: ICMP echo request, id 55338, seq 61312, length 44
        0x0000:  0015 17bc 8cb2 001c c0c8 5a4e 0800 4500  ..........ZN..E.
        0x0010:  0040 fe90 0000 0101 9813 4d5d 3404 d5b4  .@........M]4...
        0x0020:  cc03 0800 3054 d82a ef80 0000 0000 0000  ....0T.*........
        0x0030:  0000 0000 0000 0000 0000 0000 0000 0000  ................
        0x0040:  0000 0000 0000 0000 0000 0000 0000       ..............
13:15:23.681751 IP 77.93.52.4 > 213.180.204.3: ICMP echo request, id 55338, seq 61568, length 44
        0x0000:  0015 17bc 8cb2 001c c0c8 5a4e 0800 4500  ..........ZN..E.
        0x0010:  0040 fe9b 0000 0201 9708 4d5d 3404 d5b4  .@........M]4...
        0x0020:  cc03 0800 2f54 d82a f080 0000 0000 0000  ..../T.*........
        0x0030:  0000 0000 0000 0000 0000 0000 0000 0000  ................
        0x0040:  0000 0000 0000 0000 0000 0000 0000       ..............
13:15:23.913457 IP 77.93.52.4 > 213.180.204.3: ICMP echo request, id 55338, seq 61824, length 44
        0x0000:  0015 17bc 8cb2 001c c0c8 5a4e 0800 4500  ..........ZN..E.
        0x0010:  0040 fea3 0000 0301 9600 4d5d 3404 d5b4  .@........M]4...
        0x0020:  cc03 0800 2e54 d82a f180 0000 0000 0000  .....T.*........
        0x0030:  0000 0000 0000 0000 0000 0000 0000 0000  ................
        0x0040:  0000 0000 0000 0000 0000 0000 0000       ..............
13:15:24.057309 IP 77.93.52.4 > 213.180.204.3: ICMP echo request, id 55338, seq 62080, length 44
        0x0000:  0015 17bc 8cb2 001c c0c8 5a4e 0800 4500  ..........ZN..E.
        0x0010:  0040 fea7 0000 0401 94fc 4d5d 3404 d5b4  .@........M]4...
        0x0020:  cc03 0800 2d54 d82a f280 0000 0000 0000  ....-T.*........
        0x0030:  0000 0000 0000 0000 0000 0000 0000 0000  ................
        0x0040:  0000 0000 0000 0000 0000 0000 0000       ..............
13:15:24.200882 IP 77.93.52.4 > 213.180.204.3: ICMP echo request, id 55338, seq 62336, length 44
        0x0000:  0015 17bc 8cb2 001c c0c8 5a4e 0800 4500  ..........ZN..E.
        0x0010:  0040 feaa 0000 0501 93f9 4d5d 3404 d5b4  .@........M]4...
        0x0020:  cc03 0800 2c54 d82a f380 0000 0000 0000  ....,T.*........
        0x0030:  0000 0000 0000 0000 0000 0000 0000 0000  ................
        0x0040:  0000 0000 0000 0000 0000 0000 0000       ..............
13:15:24.344392 IP 77.93.52.4 > 213.180.204.3: ICMP echo request, id 55338, seq 62592, length 44
        0x0000:  0015 17bc 8cb2 001c c0c8 5a4e 0800 4500  ..........ZN..E.
        0x0010:  0040 feb0 0000 0601 92f3 4d5d 3404 d5b4  .@........M]4...
        0x0020:  cc03 0800 2b54 d82a f480 0000 0000 0000  ....+T.*........
        0x0030:  0000 0000 0000 0000 0000 0000 0000 0000  ................
        0x0040:  0000 0000 0000 0000 0000 0000 0000       ..............
13:15:24.487980 IP 77.93.52.4 > 213.180.204.3: ICMP echo request, id 55338, seq 62848, length 44
        0x0000:  0015 17bc 8cb2 001c c0c8 5a4e 0800 4500  ..........ZN..E.
        0x0010:  0040 feb4 0000 0701 91ef 4d5d 3404 d5b4  .@........M]4...
        0x0020:  cc03 0800 2a54 d82a f580 0000 0000 0000  ....*T.*........
        0x0030:  0000 0000 0000 0000 0000 0000 0000 0000  ................
        0x0040:  0000 0000 0000 0000 0000 0000 0000       ..............
13:15:24.631766 IP 77.93.52.4 > 213.180.204.3: ICMP echo request, id 55338, seq 63104, length 44
        0x0000:  0015 17bc 8cb2 001c c0c8 5a4e 0800 4500  ..........ZN..E.
        0x0010:  0040 feb9 0000 0101 97ea 4d5d 3404 d5b4  .@........M]4...
        0x0020:  cc03 0800 2954 d82a f680 0000 0000 0000  ....)T.*........
        0x0030:  0000 0000 0000 0000 0000 0000 0000 0000  ................
        0x0040:  0000 0000 0000 0000 0000 0000 0000       ..............
13:15:24.775333 IP 77.93.52.4 > 213.180.204.3: ICMP echo request, id 55338, seq 63360, length 44
        0x0000:  0015 17bc 8cb2 001c c0c8 5a4e 0800 4500  ..........ZN..E.
        0x0010:  0040 febb 0000 0201 96e8 4d5d 3404 d5b4  .@........M]4...
        0x0020:  cc03 0800 2854 d82a f780 0000 0000 0000  ....(T.*........
        0x0030:  0000 0000 0000 0000 0000 0000 0000 0000  ................
        0x0040:  0000 0000 0000 0000 0000 0000 0000       ..............
13:15:24.918849 IP 77.93.52.4 > 213.180.204.3: ICMP echo request, id 55338, seq 63616, length 44
        0x0000:  0015 17bc 8cb2 001c c0c8 5a4e 0800 4500  ..........ZN..E.
        0x0010:  0040 febf 0000 0301 95e4 4d5d 3404 d5b4  .@........M]4...
        0x0020:  cc03 0800 2754 d82a f880 0000 0000 0000  ....'T.*........
        0x0030:  0000 0000 0000 0000 0000 0000 0000 0000  ................
        0x0040:  0000 0000 0000 0000 0000 0000 0000       ..............
13:15:28.649027 IP 77.93.52.4 > 94.100.191.203: ICMP echo request, id 55594, seq 59520, length 44
        0x0000:  0015 17bc 8cb2 001c c0c8 5a4e 0800 4500  ..........ZN..E.
        0x0010:  0040 ff44 0000 0101 1ae8 4d5d 3404 5e64  .@.D......M]4.^d
        0x0020:  bfcb 0800 3654 d92a e880 0000 0000 0000  ....6T.*........
        0x0030:  0000 0000 0000 0000 0000 0000 0000 0000  ................
        0x0040:  0000 0000 0000 0000 0000 0000 0000       ..............
13:15:28.749496 IP 77.93.52.4 > 94.100.191.203: ICMP echo request, id 55594, seq 59776, length 44
        0x0000:  0015 17bc 8cb2 001c c0c8 5a4e 0800 4500  ..........ZN..E.
        0x0010:  0040 ff4b 0000 0201 19e1 4d5d 3404 5e64  .@.K......M]4.^d
        0x0020:  bfcb 0800 3554 d92a e980 0000 0000 0000  ....5T.*........
        0x0030:  0000 0000 0000 0000 0000 0000 0000 0000  ................
        0x0040:  0000 0000 0000 0000 0000 0000 0000       ..............
13:15:28.850068 IP 77.93.52.4 > 94.100.191.203: ICMP echo request, id 55594, seq 60032, length 44
        0x0000:  0015 17bc 8cb2 001c c0c8 5a4e 0800 4500  ..........ZN..E.
        0x0010:  0040 ff4f 0000 0301 18dd 4d5d 3404 5e64  .@.O......M]4.^d
        0x0020:  bfcb 0800 3454 d92a ea80 0000 0000 0000  ....4T.*........
        0x0030:  0000 0000 0000 0000 0000 0000 0000 0000  ................
        0x0040:  0000 0000 0000 0000 0000 0000 0000       ..............
13:15:28.950591 IP 77.93.52.4 > 94.100.191.203: ICMP echo request, id 55594, seq 60288, length 44
        0x0000:  0015 17bc 8cb2 001c c0c8 5a4e 0800 4500  ..........ZN..E.
        0x0010:  0040 ff55 0000 0401 17d7 4d5d 3404 5e64  .@.U......M]4.^d
        0x0020:  bfcb 0800 3354 d92a eb80 0000 0000 0000  ....3T.*........
        0x0030:  0000 0000 0000 0000 0000 0000 0000 0000  ................
        0x0040:  0000 0000 0000 0000 0000 0000 0000       ..............
13:15:29.051139 IP 77.93.52.4 > 94.100.191.203: ICMP echo request, id 55594, seq 60544, length 44
        0x0000:  0015 17bc 8cb2 001c c0c8 5a4e 0800 4500  ..........ZN..E.
        0x0010:  0040 ff58 0000 0501 16d4 4d5d 3404 5e64  .@.X......M]4.^d
        0x0020:  bfcb 0800 3254 d92a ec80 0000 0000 0000  ....2T.*........
        0x0030:  0000 0000 0000 0000 0000 0000 0000 0000  ................
        0x0040:  0000 0000 0000 0000 0000 0000 0000       ..............
13:15:29.082387 IP 94.100.191.203 > 77.93.52.4: ICMP echo reply, id 55594, seq 60544, length 44
        0x0000:  001c c0c8 5a4e 0015 17bc 8cb2 0800 4500  ....ZN........E.
        0x0010:  0040 f9d0 0000 3a01 e75b 5e64 bfcb 4d5d  .@....:..[^d..M]
        0x0020:  3404 0000 3a54 d92a ec80 0000 0000 0000  4...:T.*........
        0x0030:  0000 0000 0000 0000 0000 0000 0000 0000  ................
        0x0040:  0000 0000 0000 0000 0000 0000 0000       ..............
13:15:29.151650 IP 77.93.52.4 > 94.100.191.203: ICMP echo request, id 55594, seq 60800, length 44
        0x0000:  0015 17bc 8cb2 001c c0c8 5a4e 0800 4500  ..........ZN..E.
        0x0010:  0040 ff61 0000 0601 15cb 4d5d 3404 5e64  .@.a......M]4.^d
        0x0020:  bfcb 0800 3154 d92a ed80 0000 0000 0000  ....1T.*........
        0x0030:  0000 0000 0000 0000 0000 0000 0000 0000  ................
        0x0040:  0000 0000 0000 0000 0000 0000 0000       ..............
13:15:29.182947 IP 94.100.191.203 > 77.93.52.4: ICMP echo reply, id 55594, seq 60800, length 44
        0x0000:  001c c0c8 5a4e 0015 17bc 8cb2 0800 4500  ....ZN........E.
        0x0010:  0040 f9d1 0000 3a01 e75a 5e64 bfcb 4d5d  .@....:..Z^d..M]
        0x0020:  3404 0000 3954 d92a ed80 0000 0000 0000  4...9T.*........
        0x0030:  0000 0000 0000 0000 0000 0000 0000 0000  ................
        0x0040:  0000 0000 0000 0000 0000 0000 0000       ..............
13:15:29.319164 IP 77.93.52.4 > 94.100.191.203: ICMP echo request, id 55594, seq 61056, length 44
        0x0000:  0015 17bc 8cb2 001c c0c8 5a4e 0800 4500  ..........ZN..E.
        0x0010:  0040 ff64 0000 0101 1ac8 4d5d 3404 5e64  .@.d......M]4.^d
        0x0020:  bfcb 0800 3054 d92a ee80 0000 0000 0000  ....0T.*........
        0x0030:  0000 0000 0000 0000 0000 0000 0000 0000  ................
        0x0040:  0000 0000 0000 0000 0000 0000 0000       ..............
13:15:29.486285 IP 77.93.52.4 > 94.100.191.203: ICMP echo request, id 55594, seq 61312, length 44
        0x0000:  0015 17bc 8cb2 001c c0c8 5a4e 0800 4500  ..........ZN..E.
        0x0010:  0040 ff6d 0000 0201 19bf 4d5d 3404 5e64  .@.m......M]4.^d
        0x0020:  bfcb 0800 2f54 d92a ef80 0000 0000 0000  ..../T.*........
        0x0030:  0000 0000 0000 0000 0000 0000 0000 0000  ................
        0x0040:  0000 0000 0000 0000 0000 0000 0000       ..............
13:15:29.653592 IP 77.93.52.4 > 94.100.191.203: ICMP echo request, id 55594, seq 61568, length 44
        0x0000:  0015 17bc 8cb2 001c c0c8 5a4e 0800 4500  ..........ZN..E.
        0x0010:  0040 ff7a 0000 0301 18b2 4d5d 3404 5e64  .@.z......M]4.^d
        0x0020:  bfcb 0800 2e54 d92a f080 0000 0000 0000  .....T.*........
        0x0030:  0000 0000 0000 0000 0000 0000 0000 0000  ................
        0x0040:  0000 0000 0000 0000 0000 0000 0000       ..............
13:15:29.820990 IP 77.93.52.4 > 94.100.191.203: ICMP echo request, id 55594, seq 61824, length 44
        0x0000:  0015 17bc 8cb2 001c c0c8 5a4e 0800 4500  ..........ZN..E.
        0x0010:  0040 ff86 0000 0401 17a6 4d5d 3404 5e64  .@........M]4.^d
        0x0020:  bfcb 0800 2d54 d92a f180 0000 0000 0000  ....-T.*........
        0x0030:  0000 0000 0000 0000 0000 0000 0000 0000  ................
        0x0040:  0000 0000 0000 0000 0000 0000 0000       ..............
13:15:29.988234 IP 77.93.52.4 > 94.100.191.203: ICMP echo request, id 55594, seq 62080, length 44
        0x0000:  0015 17bc 8cb2 001c c0c8 5a4e 0800 4500  ..........ZN..E.
        0x0010:  0040 ff94 0000 0501 1698 4d5d 3404 5e64  .@........M]4.^d
        0x0020:  bfcb 0800 2c54 d92a f280 0000 0000 0000  ....,T.*........
        0x0030:  0000 0000 0000 0000 0000 0000 0000 0000  ................
        0x0040:  0000 0000 0000 0000 0000 0000 0000       ..............
13:15:30.018923 IP 94.100.191.203 > 77.93.52.4: ICMP echo reply, id 55594, seq 62080, length 44
        0x0000:  001c c0c8 5a4e 0015 17bc 8cb2 0800 4500  ....ZN........E.
        0x0010:  0040 f9d2 0000 3a01 e759 5e64 bfcb 4d5d  .@....:..Y^d..M]
        0x0020:  3404 0000 3454 d92a f280 0000 0000 0000  4...4T.*........
        0x0030:  0000 0000 0000 0000 0000 0000 0000 0000  ................
        0x0040:  0000 0000 0000 0000 0000 0000 0000       ..............
13:15:30.020145 IP 77.93.52.4 > 94.100.191.203: ICMP echo request, id 55594, seq 62336, length 44
        0x0000:  0015 17bc 8cb2 001c c0c8 5a4e 0800 4500  ..........ZN..E.
        0x0010:  0040 ff96 0000 0101 1a96 4d5d 3404 5e64  .@........M]4.^d
        0x0020:  bfcb 0800 2b54 d92a f380 0000 0000 0000  ....+T.*........
        0x0030:  0000 0000 0000 0000 0000 0000 0000 0000  ................
        0x0040:  0000 0000 0000 0000 0000 0000 0000       ..............
13:15:30.220915 IP 77.93.52.4 > 94.100.191.203: ICMP echo request, id 55594, seq 62592, length 44
        0x0000:  0015 17bc 8cb2 001c c0c8 5a4e 0800 4500  ..........ZN..E.
        0x0010:  0040 ff99 0000 0201 1993 4d5d 3404 5e64  .@........M]4.^d
        0x0020:  bfcb 0800 2a54 d92a f480 0000 0000 0000  ....*T.*........
        0x0030:  0000 0000 0000 0000 0000 0000 0000 0000  ................
        0x0040:  0000 0000 0000 0000 0000 0000 0000       ..............
13:15:30.421681 IP 77.93.52.4 > 94.100.191.203: ICMP echo request, id 55594, seq 62848, length 44
        0x0000:  0015 17bc 8cb2 001c c0c8 5a4e 0800 4500  ..........ZN..E.
        0x0010:  0040 ff9c 0000 0301 1890 4d5d 3404 5e64  .@........M]4.^d
        0x0020:  bfcb 0800 2954 d92a f580 0000 0000 0000  ....)T.*........
        0x0030:  0000 0000 0000 0000 0000 0000 0000 0000  ................
        0x0040:  0000 0000 0000 0000 0000 0000 0000       ..............
13:15:30.622383 IP 77.93.52.4 > 94.100.191.203: ICMP echo request, id 55594, seq 63104, length 44
        0x0000:  0015 17bc 8cb2 001c c0c8 5a4e 0800 4500  ..........ZN..E.
        0x0010:  0040 ffa2 0000 0401 178a 4d5d 3404 5e64  .@........M]4.^d
        0x0020:  bfcb 0800 2854 d92a f680 0000 0000 0000  ....(T.*........
        0x0030:  0000 0000 0000 0000 0000 0000 0000 0000  ................
        0x0040:  0000 0000 0000 0000 0000 0000 0000       ..............
13:15:30.823029 IP 77.93.52.4 > 94.100.191.203: ICMP echo request, id 55594, seq 63360, length 44
        0x0000:  0015 17bc 8cb2 001c c0c8 5a4e 0800 4500  ..........ZN..E.
        0x0010:  0040 ffa8 0000 0501 1684 4d5d 3404 5e64  .@........M]4.^d
        0x0020:  bfcb 0800 2754 d92a f780 0000 0000 0000  ....'T.*........
        0x0030:  0000 0000 0000 0000 0000 0000 0000 0000  ................
        0x0040:  0000 0000 0000 0000 0000 0000 0000       ..............
13:15:30.855245 IP 94.100.191.203 > 77.93.52.4: ICMP echo reply, id 55594, seq 63360, length 44
        0x0000:  001c c0c8 5a4e 0015 17bc 8cb2 0800 4500  ....ZN........E.
        0x0010:  0040 f9d3 0000 3a01 e758 5e64 bfcb 4d5d  .@....:..X^d..M]
        0x0020:  3404 0000 2f54 d92a f780 0000 0000 0000  4.../T.*........
        0x0030:  0000 0000 0000 0000 0000 0000 0000 0000  ................
        0x0040:  0000 0000 0000 0000 0000 0000 0000       ..............


I have next firewall rules
27256  837110393  768523132480 nat 101 ip from any to 77.93.52.4 in recv vlan407
27490  839235989  768673636925 allow ip from any to any in recv vlan407
27499          0             0 deny log ip from any to any via vlan407
27499          0             0 skipto 65000 ip from any to any
27756  354470115  133051085278 nat 101 ip from 192.168.0.0/16 to any out xmit vlan407
27890  999734221  872518576234 allow ip from any to any out xmit vlan407
27899          0             0 deny log ip from any to any via vlan407

ipfw nat 101 config ip 77.93.52.4 unreg_only reset

when I delete these rules and add 
ipfw add 1 allow all from any to any
mtr works fine without any problem.
when configure NAT to divert packet to natd. mtr also works fine.
>How-To-Repeat:

>Fix:


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-i386->freebsd-ipfw 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Sun May 29 23:40:09 UTC 2011 
Responsible-Changed-Why:  
reclassify. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=157379 

From: "Alexander V. Chernikov" <melifaro@ipfw.ru>
To: bug-followup@FreeBSD.org, kes-kes@yandex.ru
Cc:  
Subject: Re: kern/157379: [ipfw] mtr does not work if I use ipfw nat
Date: Mon, 30 May 2011 15:23:34 +0400

 This seems to be a duplicate of kern/122109

From: "Andrey V. Elsukov" <ae@FreeBSD.org>
To: bug-followup@FreeBSD.org, kes-kes@yandex.ru
Cc:  
Subject: Re: kern/157379: [ipfw] mtr does not work if I use ipfw nat
Date: Mon, 06 Jun 2011 09:51:09 +0400

 Hi,
 
 Can you test this patch?
 http://people.freebsd.org/~ae/ipfw_nat.diff
 
 -- 
 WBR, Andrey V. Elsukov
State-Changed-From-To: open->feedback 
State-Changed-By: ae 
State-Changed-When: Mon Jun 6 06:59:19 UTC 2011 
State-Changed-Why:  
Feedback requested. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=157379 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/157379: commit references a PR
Date: Tue,  7 Jun 2011 06:42:39 +0000 (UTC)

 Author: ae
 Date: Tue Jun  7 06:42:29 2011
 New Revision: 222806
 URL: http://svn.freebsd.org/changeset/base/222806
 
 Log:
   Make a behaviour of the libalias based in-kernel NAT a bit closer to
   how natd(8) does work. natd(8) drops packets only when libalias returns
   PKT_ALIAS_IGNORED and "deny_incoming" option is set, but ipfw_nat
   always did drop packets that were not aliased, even if they should
   not be aliased and just are going through.
   
   PR:		kern/122109, kern/129093, kern/157379
   Submitted by:	Alexander V. Chernikov (previous version)
   MFC after:	1 month
 
 Modified:
   head/sys/netinet/ipfw/ip_fw_nat.c
 
 Modified: head/sys/netinet/ipfw/ip_fw_nat.c
 ==============================================================================
 --- head/sys/netinet/ipfw/ip_fw_nat.c	Tue Jun  7 06:18:02 2011	(r222805)
 +++ head/sys/netinet/ipfw/ip_fw_nat.c	Tue Jun  7 06:42:29 2011	(r222806)
 @@ -262,17 +262,27 @@ ipfw_nat(struct ip_fw_args *args, struct
  	else
  		retval = LibAliasOut(t->lib, c,
  			mcl->m_len + M_TRAILINGSPACE(mcl));
 -	if (retval == PKT_ALIAS_RESPOND) {
 -		m->m_flags |= M_SKIP_FIREWALL;
 -		retval = PKT_ALIAS_OK;
 -	}
 -	if (retval != PKT_ALIAS_OK &&
 -	    retval != PKT_ALIAS_FOUND_HEADER_FRAGMENT) {
 +
 +	/*
 +	 * We drop packet when:
 +	 * 1. libalias returns PKT_ALIAS_ERROR;
 +	 * 2. For incoming packets:
 +	 *	a) for unresolved fragments;
 +	 *	b) libalias returns PKT_ALIAS_IGNORED and
 +	 *		PKT_ALIAS_DENY_INCOMING flag is set.
 +	 */
 +	if (retval == PKT_ALIAS_ERROR ||
 +	    (args->oif == NULL && (retval == PKT_ALIAS_UNRESOLVED_FRAGMENT ||
 +	    (retval == PKT_ALIAS_IGNORED &&
 +	    (t->lib->packetAliasMode & PKT_ALIAS_DENY_INCOMING) != 0)))) {
  		/* XXX - should i add some logging? */
  		m_free(mcl);
  		args->m = NULL;
  		return (IP_FW_DENY);
  	}
 +
 +	if (retval == PKT_ALIAS_RESPOND)
 +		m->m_flags |= M_SKIP_FIREWALL;
  	mcl->m_pkthdr.len = mcl->m_len = ntohs(ip->ip_len);
  
  	/*
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 
State-Changed-From-To: feedback->patched 
State-Changed-By: ae 
State-Changed-When: Tue Jun 7 06:55:06 UTC 2011 
State-Changed-Why:  
Patched in head/. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=157379 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/157379: commit references a PR
Date: Thu,  7 Jul 2011 09:29:26 +0000 (UTC)

 Author: ae
 Date: Thu Jul  7 09:29:11 2011
 New Revision: 223835
 URL: http://svn.freebsd.org/changeset/base/223835
 
 Log:
   MFC r222806:
     Make a behaviour of the libalias based in-kernel NAT a bit closer to
     how natd(8) does work. natd(8) drops packets only when libalias returns
     PKT_ALIAS_IGNORED and "deny_incoming" option is set, but ipfw_nat
     always did drop packets that were not aliased, even if they should
     not be aliased and just are going through.
   
     PR:		kern/122109, kern/129093, kern/157379
     Submitted by:	Alexander V. Chernikov (previous version)
 
 Modified:
   stable/8/sys/netinet/ipfw/ip_fw_nat.c
 Directory Properties:
   stable/8/sys/   (props changed)
   stable/8/sys/amd64/include/xen/   (props changed)
   stable/8/sys/cddl/contrib/opensolaris/   (props changed)
   stable/8/sys/contrib/dev/acpica/   (props changed)
   stable/8/sys/contrib/pf/   (props changed)
 
 Modified: stable/8/sys/netinet/ipfw/ip_fw_nat.c
 ==============================================================================
 --- stable/8/sys/netinet/ipfw/ip_fw_nat.c	Thu Jul  7 08:33:58 2011	(r223834)
 +++ stable/8/sys/netinet/ipfw/ip_fw_nat.c	Thu Jul  7 09:29:11 2011	(r223835)
 @@ -263,17 +263,27 @@ ipfw_nat(struct ip_fw_args *args, struct
  	else
  		retval = LibAliasOut(t->lib, c,
  			mcl->m_len + M_TRAILINGSPACE(mcl));
 -	if (retval == PKT_ALIAS_RESPOND) {
 -		m->m_flags |= M_SKIP_FIREWALL;
 -		retval = PKT_ALIAS_OK;
 -	}
 -	if (retval != PKT_ALIAS_OK &&
 -	    retval != PKT_ALIAS_FOUND_HEADER_FRAGMENT) {
 +
 +	/*
 +	 * We drop packet when:
 +	 * 1. libalias returns PKT_ALIAS_ERROR;
 +	 * 2. For incoming packets:
 +	 *	a) for unresolved fragments;
 +	 *	b) libalias returns PKT_ALIAS_IGNORED and
 +	 *		PKT_ALIAS_DENY_INCOMING flag is set.
 +	 */
 +	if (retval == PKT_ALIAS_ERROR ||
 +	    (args->oif == NULL && (retval == PKT_ALIAS_UNRESOLVED_FRAGMENT ||
 +	    (retval == PKT_ALIAS_IGNORED &&
 +	    (t->lib->packetAliasMode & PKT_ALIAS_DENY_INCOMING) != 0)))) {
  		/* XXX - should i add some logging? */
  		m_free(mcl);
  		args->m = NULL;
  		return (IP_FW_DENY);
  	}
 +
 +	if (retval == PKT_ALIAS_RESPOND)
 +		m->m_flags |= M_SKIP_FIREWALL;
  	mcl->m_pkthdr.len = mcl->m_len = ntohs(ip->ip_len);
  
  	/*
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 
State-Changed-From-To: patched->closed 
State-Changed-By: ae 
State-Changed-When: Thu Jul 7 09:43:57 UTC 2011 
State-Changed-Why:  
Merged to stable/7 and stable/8. Thanks! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=157379 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/157379: commit references a PR
Date: Thu,  7 Jul 2011 09:42:50 +0000 (UTC)

 Author: ae
 Date: Thu Jul  7 09:42:32 2011
 New Revision: 223837
 URL: http://svn.freebsd.org/changeset/base/223837
 
 Log:
   MFC r222806:
     Make a behaviour of the libalias based in-kernel NAT a bit closer to
     how natd(8) does work. natd(8) drops packets only when libalias returns
     PKT_ALIAS_IGNORED and "deny_incoming" option is set, but ipfw_nat
     always did drop packets that were not aliased, even if they should
     not be aliased and just are going through.
   
     PR:		kern/122109, kern/129093, kern/157379
     Submitted by:	Alexander V. Chernikov (previous version)
 
 Modified:
   stable/7/sys/netinet/ip_fw_nat.c
 Directory Properties:
   stable/7/sys/   (props changed)
   stable/7/sys/cddl/contrib/opensolaris/   (props changed)
   stable/7/sys/contrib/dev/acpica/   (props changed)
   stable/7/sys/contrib/pf/   (props changed)
 
 Modified: stable/7/sys/netinet/ip_fw_nat.c
 ==============================================================================
 --- stable/7/sys/netinet/ip_fw_nat.c	Thu Jul  7 09:32:43 2011	(r223836)
 +++ stable/7/sys/netinet/ip_fw_nat.c	Thu Jul  7 09:42:32 2011	(r223837)
 @@ -322,8 +322,18 @@ ipfw_nat(struct ip_fw_args *args, struct
  	else
  		retval = LibAliasOut(t->lib, c, 
  			mcl->m_len + M_TRAILINGSPACE(mcl));
 -	if (retval != PKT_ALIAS_OK &&
 -	    retval != PKT_ALIAS_FOUND_HEADER_FRAGMENT) {
 +	/*
 +	 * We drop packet when:
 +	 * 1. libalias returns PKT_ALIAS_ERROR;
 +	 * 2. For incoming packets:
 +	 *	a) for unresolved fragments;
 +	 *	b) libalias returns PKT_ALIAS_IGNORED and
 +	 *		PKT_ALIAS_DENY_INCOMING flag is set.
 +	 */
 +	if (retval == PKT_ALIAS_ERROR ||
 +	    (args->oif == NULL && (retval == PKT_ALIAS_UNRESOLVED_FRAGMENT ||
 +	    (retval == PKT_ALIAS_IGNORED &&
 +	    (t->lib->packetAliasMode & PKT_ALIAS_DENY_INCOMING) != 0)))) {
  		/* XXX - should i add some logging? */
  		m_free(mcl);
  	badnat:
 _______________________________________________
 svn-src-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
 
>Unformatted:
