List: ipfilter
Subject: IP filter and PPPoE on Solaris 2.8
From: "Joseph W. Sieczkowski" <joes () panix ! com>
Date: 2000-12-22 19:46:15
I'm experiencing a problem running IP filter with PPPoE on Solaris 2.8.
I tried both 3.4.14 and 3.4.15.

The sppp0 interface seems to hang as soon as 'ipnat -CF -f' is executed.

Take a very simple set of NAT rules:

    map sppp0 172.17.73.112/28 -> 0/32 portmap tcp/udp 40000:60000
    map sppp0 172.17.73.112/28 -> 0/32

where

    le0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
            inet 172.17.73.117 netmask fffffff0 broadcast 172.17.73.127
            ether 8:0:20:72:fe:18
    sppp0: flags=10008d1<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST,IPv4> mtu 1492 index 3
            inet 138.89.77.112 --> 10.5.21.1 netmask ffff0000
            ether 0:0:0:0:0:0

Before ipnat is executed:

    # ping 10.5.21.1
    10.5.21.1 is alive

    [snoop -d sppp0 -V -x0] shows:
    adsl-138-89-77-112.nnj.adsl.bellatlantic.net -> foo ETHER Type=0800 (IP), size = 98 bytes
    adsl-138-89-77-112.nnj.adsl.bellatlantic.net -> foo IP D=10.5.21.1 S=138.89.77.112 LEN=84, ID=7187
    adsl-138-89-77-112.nnj.adsl.bellatlantic.net -> foo ICMP Echo request (ID: 3487 Sequence number: 0)

       0: 0000 0000 0000 0000 0000 0000 0800 4500    ..............E.
      16: 0054 1c13 4000 ff01 68c6 8a59 4d70 0a05    .T..@...h..YMp..
      32: 1501 0800 7e19 0d9f 0000 3a43 acec 0002    ....~.....:C....
      48: 9a12 0809 0a0b 0c0d 0e0f 1011 1213 1415    ................
      64: 1617 1819 1a1b 1c1d 1e1f 2021 2223 2425    .......... !"#$%
      80: 2627 2829 2a2b 2c2d 2e2f 3031 3233 3435    &'()*+,-./012345
      96: 3637                                       67

After ipnat is executed:

    # modload /usr/kernel/drv/ipf
    # ipnat -CF -f ipnat.conf
    # ping 10.5.21.1
    [hangs]

    [snoop -d sppp0 -V -x0] shows:
    ? -> * ETHER Type=0800 (IP), size = 14 bytes

       0: 0000 0000 0000 0000 0000 0000 0800         ..............

    ________________________________
    ? -> * ETHER Type=0800 (IP), size = 14 bytes

       0: 0000 0000 0000 0000 0000 0000 0800         ..............

    [yuk]

If I:

    # id=`/usr/sbin/modinfo | awk '/ipf/ { print $1 } ' -`
    # modunload -i $id

All works again...

Any ideas?

J
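
Added example (not part of the original message): a small decoder for the hex words of the two snoop -x0 dumps quoted above, showing that the frame seen before ipnat carries a well-formed IPv4 header while the frame seen after it is a bare 14-byte Ethernet header. The names decode_frame, ip_checksum_ok, BEFORE and AFTER are made up for this illustration.

```python
import ipaddress
import struct

# Hex words copied from the two snoop -x0 dumps in the message above.
# BEFORE holds only the first 48 of the 98 captured bytes.
BEFORE = ("0000 0000 0000 0000 0000 0000 0800 4500 "
          "0054 1c13 4000 ff01 68c6 8a59 4d70 0a05 "
          "1501 0800 7e19 0d9f 0000 3a43 acec 0002")
AFTER = "0000 0000 0000 0000 0000 0000 0800"


def ip_checksum_ok(header: bytes) -> bool:
    """RFC 1071: the one's-complement sum of a valid header folds to 0xffff."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF


def decode_frame(hex_words: str) -> dict:
    """Decode the Ethernet header and, when present, the IPv4 header."""
    frame = bytes.fromhex(hex_words)
    if len(frame) < 14:
        return {"captured": len(frame), "status": "no Ethernet header"}
    ethertype = struct.unpack("!H", frame[12:14])[0]
    info = {"captured": len(frame), "ethertype": ethertype}
    payload = frame[14:]
    if ethertype != 0x0800:
        info["status"] = "not IPv4"
    elif len(payload) < 20:
        # Type field says IP, but there is no room for a minimal header.
        info["status"] = "ethertype IP, no IP header"
    else:
        ihl = (payload[0] & 0x0F) * 4
        if ihl < 20 or ihl > len(payload):
            info["status"] = "bad IHL"
            return info
        ok = ip_checksum_ok(payload[:ihl])
        info.update(
            status="ok" if ok else "bad IP checksum",
            total_len=struct.unpack("!H", payload[2:4])[0],  # + 14 = frame size
            ttl=payload[8], proto=payload[9],
            src=str(ipaddress.IPv4Address(payload[12:16])),
            dst=str(ipaddress.IPv4Address(payload[16:20])),
        )
    return info


if __name__ == "__main__":
    for label, dump in (("before ipnat", BEFORE), ("after ipnat", AFTER)):
        print(label, decode_frame(dump))
```
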