NetBSD Problem Report #30851

From prlw1@newn.cam.ac.uk  Wed Jul 27 18:31:29 2005
Return-Path: <prlw1@newn.cam.ac.uk>
Received: from henry.newn.cam.ac.uk (henry.newn.cam.ac.uk [131.111.204.130])
	by narn.netbsd.org (Postfix) with ESMTP id D825E63B104
	for <gnats-bugs@gnats.NetBSD.org>; Wed, 27 Jul 2005 18:31:28 +0000 (UTC)
Message-Id: <E1Dxqgb-00062j-Lp@quartz.newn.cam.ac.uk>
Date: Wed, 27 Jul 2005 19:31:21 +0100
From: prlw1@cam.ac.uk
Sender: "Patrick Welche,SCC,ext.35710," <prlw1@newn.cam.ac.uk>
Reply-To: prlw1@cam.ac.uk
To: gnats-bugs@netbsd.org
Subject: bge breaks ipnat
X-Send-Pr-Version: 3.95

>Number:         30851
>Category:       kern
>Synopsis:       bad NAT with bge
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Jul 27 18:32:00 +0000 2005
>Originator:     Patrick Welche
>Release:        NetBSD 3.99.7
>Organization:

>Environment:
cvs of 20 July 2005 11:12 UTC
Architecture: i386
Machine: i386
>Description:
When bge(4) is the external interface on which an ipnat mapping is defined,
the return packets are blocked because of "bad NAT" as they don't match
the state table.
>How-To-Repeat:
Rather like in kern/29660, though this is a different Dell GX280, find a
computer with a

bge0 at pci2 dev 0 function 0: Broadcom BCM5751 Gigabit Ethernet
bge0: interrupting at irq 11
bge0: ASIC BCM5750 A1 (0x4001), Ethernet address 00:11:43:7c:6c:94
brgphy0 at bge0 phy 1: BCM5750 1000BASE-T media interface, rev. 0
brgphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseT, 1000baseT-FDX, auto

and some other network card, e.g. ex.

ipnat.conf:
map bge0 192.168.246.0/24 -> 131.111.246.22/32

ipf.conf:
block in log all
block out log all
pass in  quick log on ex0  proto tcp from any to any port = http flags S/SA keep state
pass out quick log on bge0 proto tcp from any to any port = http flags S/SA keep state

Then run ipmon, and get a client to connect through the Dell. Watch the
packets go out, and get blocked on return to the bge with bad NAT.

>Fix:
Swap the bge for an ex(4) 3Com 3c905C-TX. Maybe this combined with
kern/29660 might point to a fix given that these have the same chip?

>Unformatted:
