From nobody@FreeBSD.ORG  Sat Aug 19 02:32:16 2000
Return-Path: <nobody@FreeBSD.ORG>
Received: by hub.freebsd.org (Postfix, from userid 32767)
	id 35A6737B424; Sat, 19 Aug 2000 02:32:16 -0700 (PDT)
Message-Id: <20000819093216.35A6737B424@hub.freebsd.org>
Date: Sat, 19 Aug 2000 02:32:16 -0700 (PDT)
From: markm68k@yahoo.com
Sender: nobody@FreeBSD.ORG
To: freebsd-gnats-submit@FreeBSD.org
Subject: errant traceroute output from behind natd
X-Send-Pr-Version: www-1.0

>Number:         20713
>Category:       misc
>Synopsis:       errant traceroute output from behind natd
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Aug 19 02:40:00 PDT 2000
>Closed-Date:    Sat Aug 19 03:06:02 PDT 2000
>Last-Modified:  Sat Aug 19 03:06:45 PDT 2000
>Originator:     Mark Miller
>Release:        4.1-RELEASE
>Organization:
>Environment:
FreeBSD myhost 4.1-RELEASE FreeBSD 4.1-RELEASE #7: Mon Aug 14 21:32:29 PDT 2000     me@myhost:/usr/src/sys/compile/MYHOST  i386

>Description:
Setting up a firewall rule to send the ICMP unreachable for a TCP connection causes the ICMP response that is sent to say that the firewall itself is unreachable.

>How-To-Repeat:
1. install FreeBSD 4.1-RELEASE
2. configure an "open" firewall
3. configure a natd alias internal interface.
4. add an "unreach host-prohib" rule (e.g. telnet)
5. from a computer connected to the FreeBSD computer behind a natd connection, try to connect to the unreachable host via TCP (e.g. telnet)
6. watch the results from tcpdump.

>Fix:
unknown.


>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: dwmalone 
State-Changed-When: Sat Aug 19 03:06:02 PDT 2000 
State-Changed-Why:  
Duplicate of 20714 with wrong subject. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=20713 
>Unformatted:
