Scenario: - FreeBSD 12.3 latest - ports latest - using mpd5 with the following statement: # set nat red-port proto alias_addr alias_port local_addr local_port [ remote_addr remote_port ] set nat red-port tcp 0.0.0.0 8765 192.168.1.5 12345 11.12.13.14 0 - The intention is that whenever the remote host 11.12.13.14 connects from any source port to the aliased port 8765, regardless of alias_addr, the connection is redirected to the local port 12345 on the local address 192.168.1.5. - The alias_addr is dynamically assigned and may change, therefore 0.0.0.0 is used as a wildcard. See LibAliasRedirectPort() in libalias(3). Result: - This worked until a few weeks ago. - Now the rule does not seem to work anymore, i.e., the aliasing does not take place, and the TCP destination stays at <alias_addr>:8765 instead of being redirected to 192.168.1.5:12345. Note: - This might actually be an issue in the base system, with ng_nat and libalias. -- Martin
(In reply to Martin Birgmeier from comment #0) Please specify last correctly working versions of mpd5 package and FreeBSD. Also, specify exact mpd5 version as per "pkg info -x mpd5", and output of "uname -rmUK", too.
(In reply to Martin Birgmeier from comment #0) Also, please specify which protocol do you use mpd5 for (PPPoE, L2TP etc.)?
Note that base system libalias(3) ABI was broken in stable/12 and later restored. If you used official mpd5 package or built the port in between and then upgraded your 12.x system again (f.e. moving to 12.3), you could end up with mpd5 binary built for incompatible ABI. You can easily verify and fix it forcibly reinstalling mpd5 either from official package repository of using ports as mpd5 revision was bumped since then.
The last time it was working was on Dec. 13. At that time it was already the same version as now, installed on Dec. 5: Dec 5 13:57:33 gandalf pkg-static[99888]: mpd5-5.9_4 deinstalled Dec 5 13:57:34 gandalf pkg-static[99890]: mpd5-5.9_6 installed The upgrade of that system from FreeBSD 12.2 to 12.3 happened on Dec. 30. The latest patchset was installed on Jan. 13. [0]# pkg info -x mpd5 mpd5-5.9_6 [0]# uname -rmUK 12.3-RELEASE-p1 amd64 1203000 1203000 [0]# One important note: I am running mpd5 with this additional patch (put it in net/mpd5/files): --- ./src/nat.c.ORIG 2013-06-11 11:00:00.000000000 +0200 +++ ./src/nat.c 2014-04-18 17:52:06.000000000 +0200 @@ -185,7 +185,7 @@ if (!inet_aton (av[5], &r_addr)) Error("bad remote IP address \"%s\"", av[5]); rp = atoi(av[6]); - if (rp <= 0 || rp > 65535) + if (rp < 0 || rp > 65535) Error("Incorrect remote port number \"%s\"", av[6]); } /* OK */ Otherwise a remote_port of 0 cannot be specified, but this is allowed according to libalias(3) and specifies "any" port. I was aware of that breakage but did not think it applied here. The last installkernel of 12.2 before Dec. 5 (the date of the latest mpd5 installation) was Nov. 7, it must have been due to the advisories sent out on Nov. 4. But I think the breakage does not apply here as I do not see the error mentioned in bug #250722. Do you think it does? Should I indeed recompile? Final note: I am building both src and ports myself because of a few small patches I keep. -- Martin
Forgot to mention the protocol: it is pppoe ("create link static L1 pppoe"). -- Martin
(In reply to Martin Birgmeier from comment #5) > Should I indeed recompile? libalias ABI was broken stable/12 between April 7, 2020 and November 10, 2020. FreeBSD 12.2 was released on October 27, 2020. Hence, ABI was changed back after that release and it happened for stable/12 only, not for the security branch releng/12.2. If you moved from 12.2-pX to 12.3 and did not rebuild mpd5 binary since then, you should do it now.
(In reply to Martin Birgmeier from comment #4) > One important note: I am running mpd5 with this additional patch I'm going to include the patch to the port. Do you use any other patches for mpd5?
No, this is the only patch I use for mpd5. I have already rebuilt and reinstalled, but it will take me a while to test the effect. -- Martin
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=fcba5123c1263e2bb2ddc6f6b7e71424f62377d2 commit fcba5123c1263e2bb2ddc6f6b7e71424f62377d2 Author: Eugene Grosbein <eugen@FreeBSD.org> AuthorDate: 2022-02-11 13:31:47 +0000 Commit: Eugene Grosbein <eugen@FreeBSD.org> CommitDate: 2022-02-11 13:31:47 +0000 net/mpd5: let "red-port" accept zero remote port value Import upstream r2446: allow to configre "any" remote port for port redirection rule as supported by libalias(3). PR: 261802 Reported by: Martin Birgmeier net/mpd5/Makefile | 2 +- net/mpd5/files/patch-nat.c (new) | 13 +++++++++++++ 2 files changed, 14 insertions(+), 1 deletion(-)
This issue was indeed fixed by recompiling mpd5. Thank you for your support. -- Martin