From nobody@FreeBSD.ORG  Sat Aug 19 02:25:26 2000
Return-Path: <nobody@FreeBSD.ORG>
Received: by hub.freebsd.org (Postfix, from userid 32767)
	id 0749637B43F; Sat, 19 Aug 2000 02:25:26 -0700 (PDT)
Message-Id: <20000819092526.0749637B43F@hub.freebsd.org>
Date: Sat, 19 Aug 2000 02:25:26 -0700 (PDT)
From: markm68k@yahoo.com
Sender: nobody@FreeBSD.ORG
To: freebsd-gnats-submit@FreeBSD.org
Subject: errant traceroute output from behind natd
X-Send-Pr-Version: www-1.0

>Number:         20712
>Category:       misc
>Synopsis:       errant traceroute output from behind natd
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    ru
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Aug 19 02:30:02 PDT 2000
>Closed-Date:    Tue Sep 26 10:28:46 PDT 2000
>Last-Modified:  Tue Sep 26 10:31:07 PDT 2000
>Originator:     Mark Miller
>Release:        4.1-RELEASE
>Organization:
>Environment:
FreeBSD myhost 4.1-RELEASE FreeBSD 4.1-RELEASE #7: Mon Aug 14 21:32:29 PDT 2000     me@myhost:/usr/src/sys/compile/MYHOST  i386

>Description:
When running traceroute from a computer which is connected to a FreeBSD 4.1-RELEASE box via a natd alias internal interface, the output report is not correct.  This is the output of traceroute to www.freebsd.org:

traceroute to freefall.freebsd.org (216.136.204.21), 30 hops max, 40 byte packets
 1  freefall.freebsd.org (216.136.204.21)  4.164 ms  3.092 ms  3.053 ms
 2  freefall.freebsd.org (216.136.204.21)  34 ms  31.441 ms  33.467 ms
 3  freefall.freebsd.org (216.136.204.21)  27.402 ms  19.899 ms  19.829 ms
 4  freefall.freebsd.org (216.136.204.21)  19.527 ms  37.497 ms  21.049 ms
 5  freefall.freebsd.org (216.136.204.21)  20.22 ms  33.82 ms  30.611 ms
 6  freefall.freebsd.org (216.136.204.21)  21.973 ms  21.07 ms  32.729 ms
 7  freefall.freebsd.org (216.136.204.21)  38.95 ms  22.33 ms  21.103 ms
 8  freefall.freebsd.org (216.136.204.21)  23.571 ms  21.945 ms  22.781 ms
 9  freefall.freebsd.org (216.136.204.21)  33.078 ms  32.007 ms  35.327 ms
10  freefall.freebsd.org (216.136.204.21)  48.748 ms  32.419 ms  33.242 ms
11  freefall.freebsd.org (216.136.204.21)  32.552 ms  31.183 ms  33.039 ms
12  freefall.freebsd.org (216.136.204.21)  33.113 ms  36.89 ms  35.685 ms
13  freefall.freebsd.org (216.136.204.21)  31.588 ms  35.64 ms  37.114 ms
14  freefall.freebsd.org (216.136.204.21)  34.84 ms  46.235 ms  42.252 ms

Some testing has resulted in the following conclusions:

1. Problems are very likely related to the natd code.

2. It appears to be limited to udp traffic.

3. It corrupts any icmp packets sent in response to a udp packet by changing the source of the icmp to be the destination of the udp packet.

>How-To-Repeat:
1. install FreeBSD 4.1-RELEASE
2. configure an "open" firewall
3. configure natd with a single NIC, and an alias internal interface.
4. run "traceroute www.freebsd.org" from a different computer connected via natd to the freebsd box.
5. watch the errant output from traceroute.

>Fix:
unknown.


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->ru 
Responsible-Changed-By: sheldonh 
Responsible-Changed-When: Tue Aug 22 08:12:33 PDT 2000 
Responsible-Changed-Why:  
Over to the nat maintainer. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=20712 

From: Archie Cobbs <archie@whistle.com>
To: freebsd-gnats-submit@FreeBSD.org
Cc:  
Subject: Re: misc/20712: errant traceroute output from behind natd
Date: Thu, 31 Aug 2000 15:02:14 -0700

 It is my opinion that you should never change the source IP address
 of an incoming ICMP error packet (i.e., the source address of the
 outer packet). This is the policy we use in the InterJet's address
 translation and it works fine.
 
 -Archie
 
 ___________________________________________________________________________
 Archie Cobbs   *   Whistle Communications, Inc.  *  
 http://www.whistle.com
 
State-Changed-From-To: open->closed 
State-Changed-By: ru 
State-Changed-When: Tue Sep 26 10:28:46 PDT 2000 
State-Changed-Why:  


http://www.freebsd.org/cgi/query-pr.cgi?pr=20712 
>Unformatted:
