From kolya@astrons.org  Tue Aug 24 15:55:49 2004
Message-Id: <002e01c489f2$d76025b0$9917c651@wskolya>
Date: Tue, 24 Aug 2004 18:55:56 +0300
From: "Kolya Karpov" <kolya@astrons.org>
To: <FreeBSD-gnats-submit@freebsd.org>
Subject: ipfilter ipnat problem with h323 proxy support

>Number:         70904
>Category:       kern
>Synopsis:       [ipfilter] ipfilter ipnat problem with h323 proxy support
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    cy
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Aug 24 16:00:39 GMT 2004
>Closed-Date:    
>Last-Modified:  Wed Jul 03 05:11:08 UTC 2013
>Originator:     Kolya Karpov
>Release:        FreeBSD 5.2.1-RELEASE-p9 i386
>Organization:
Astrons LTD
>Environment:
System: FreeBSD ns3.astrons.lv 5.2.1-RELEASE-p9 FreeBSD 5.2.1-RELEASE-p9 #0: Sat Aug 21 15:38:30 EEST 2004 root@ns3.apollo.lv:/usr/src/sys/i386/compile/NS i386

FreeBSD 5.2.1-RELEASE-p9 #0: Sat Aug 21 15:38:30 EEST 2004
    root@ns3.apollo.lv:/usr/src/sys/i386/compile/NS
Preloaded elf kernel "/boot/kernel/kernel" at 0xc0676000.
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: Pentium/P54C (150.00-MHz 586-class CPU)
  Origin = "GenuineIntel"  Id = 0x52c  Stepping = 12
  Features=0x1bf<FPU,VME,DE,PSE,TSC,MSR,MCE,CX8>
real memory  = 33554432 (32 MB)
avail memory = 27267072 (26 MB)
Intel Pentium detected, installing workaround for F00F bug
npx0: [FAST]
npx0: <math processor> on motherboard
npx0: INT 16 interface
pcibios: BIOS version 2.10
Using $PIR table, 5 entries at 0xc00fd7b0
pcib0: <Host to PCI bridge> at pcibus 0 on motherboard
pci0: <PCI bus> on pcib0
pci_cfgintr: 0:17 INTA BIOS irq 12
pci_cfgintr: 0:18 INTA BIOS irq 9
pci_cfgintr: 0:19 INTA BIOS irq 10
pci_cfgintr: 0:20 INTA BIOS irq 11
isab0: <PCI-ISA bridge> at device 7.0 on pci0
isa0: <ISA bus> on isab0
atapci0: <Intel PIIX3 WDMA2 controller> port 0xf000-0xf00f at device 7.1 on pci0
ata0: at 0x1f0 irq 14 on atapci0
ata0: [MPSAFE]
ata1: at 0x170 irq 15 on atapci0
ata1: [MPSAFE]
rl0: <RealTek 8139 10/100BaseTX> port 0x6100-0x61ff mem 0xe4001000-0xe40010ff irq 12 at device 17.0 on pci0
rl0: Ethernet address: 00:30:4f:1b:b3:06
miibus0: <MII bus> on rl0
rlphy0: <RealTek internal media interface> on miibus0
rlphy0:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
rl1: <RealTek 8139 10/100BaseTX> port 0x6200-0x62ff mem 0xe4000000-0xe40000ff irq 9 at device 18.0 on pci0
rl1: Ethernet address: 00:40:f4:31:1a:ca
miibus1: <MII bus> on rl1
rlphy1: <RealTek internal media interface> on miibus1
rlphy1:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
pci0: <display, VGA> at device 19.0 (no driver attached)
rl2: <RealTek 8139 10/100BaseTX> port 0x6300-0x63ff mem 0xe4002000-0xe40020ff irq 11 at device 20.0 on pci0
rl2: Ethernet address: 00:e0:7d:f9:e0:34
miibus2: <MII bus> on rl2
rlphy2: <RealTek internal media interface> on miibus2
rlphy2:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
orm0: <Option ROM> at iomem 0xc0000-0xc7fff on isa0
atkbdc0: <Keyboard controller (i8042)> at port 0x64,0x60 on isa0
atkbd0: <AT Keyboard> irq 1 on atkbdc0
kbd0 at atkbd0
sc0: <System console> at flags 0x100 on isa0
sc0: VGA <16 virtual consoles, flags=0x300>
vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
unknown: <PNP0303> can't assign resources (port)
Timecounter "TSC" frequency 150001104 Hz quality 800
Timecounters tick every 1.000 msec
ipfw2 initialized, divert disabled, rule-based forwarding enabled, default to accept, logging limited to 100 packets/entry by default
IP Filter: v3.4.31 initialized.  Default = pass all, Logging = enabled
GEOM: create disk ad0 dp=0xcadf1960
ad0: 1623MB <FUJITSU M1623TAU> [3298/16/63] at ata0-master WDMA2
Mounting root from ufs:/dev/ad0s1a

>Description:

I tried to use the h323 proxy in IPFILTER, but when parsing the ipnat config file I get:
110 entries flushed from NAT table
7 entries flushed from NAT list
1:ioctl(SIOCADNAT): No such file or directory

Here is the ipnat conf file:

map rl0 0/0 -> 0/32 proxy port 1720 h323/tcp
map rl0 0/0 -> 0/32 proxy port ftp ftp/tcp
map rl0 192.168.0.0/24 -> 217.199.99.45/32
map rl0 192.168.1.0/24 -> 217.199.99.46/32

rdr rl0 217.199.99.45/32 port 3306 -> 192.168.0.2 port 3306 tcp
rdr rl0 217.199.99.45/32 port 874 -> 192.168.0.2 port 873 tcp

rdr rl0 217.199.99.36/32 port 873 -> 192.168.0.2 port 873 tcp
rdr rl0 217.199.99.37/32 port 873 -> 192.168.0.2 port 873 tcp

The FTP proxy works, but h323 does not.
The kernel is compiled with options:

IPFILTER
IPFILTER_LOG

I tried to add BRIDGE support and other things like DUMMYNET; the result is
the same.

I tried all systems up to 6.0-CURRENT; the bug remains.
>How-To-Repeat:

Install the base system, compile a kernel with IPFILTER support or load
the IPFilter module, enable the h323 proxy, and get an error.

>Fix:

I'm not good enough at programming to patch this ;(

>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-i386->darrenr 
Responsible-Changed-By: arved 
Responsible-Changed-When: Thu Aug 26 22:08:33 GMT 2004 
Responsible-Changed-Why:  
Over to ipfilter maintainer 

http://www.freebsd.org/cgi/query-pr.cgi?pr=70904 
Responsible-Changed-From-To: freebsd-net->cy 
Responsible-Changed-By: cy 
Responsible-Changed-When: Wed Jul 3 05:10:54 UTC 2013 
Responsible-Changed-Why:  
Mine. 

>Unformatted:
