Bug 70904 - [ipfilter] ipfilter ipnat problem with h323 proxy support
Summary: [ipfilter] ipfilter ipnat problem with h323 proxy support
Status: Closed Overcome By Events
Alias: None
Product: Base System
Classification: Unclassified
Component: kern (show other bugs)
Version: 5.2.1-RELEASE
Hardware: Any Any
: Normal Affects Only Me
Assignee: freebsd-bugs (Nobody)
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2004-08-24 17:00 UTC by Kolya Karpov
Modified: 2020-10-28 19:24 UTC (History)
2 users (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Kolya Karpov 2004-08-24 17:00:39 UTC
Try to use h323 proxy in IPFILTER, but when parsing ipnat config file i
get: 
110 entries flushed from NAT table
7 entries flushed from NAT list
1:ioctl(SIOCADNAT): No such file or directory

Here is ipnat conf file:

map rl0 0/0 -> 0/32 proxy port 1720 h323/tcp
map rl0 0/0 -> 0/32 proxy port ftp ftp/tcp
map rl0 192.168.0.0/24 -> 217.199.99.45/32
map rl0 192.168.1.0/24 -> 217.199.99.46/32

rdr rl0 217.199.99.45/32 port 3306 -> 192.168.0.2 port 3306 tcp rdr rl0
217.199.99.45/32 port 874 -> 192.168.0.2 port 873 tcp

rdr rl0 217.199.99.36/32 port 873 -> 192.168.0.2 port 873 tcp rdr rl0
217.199.99.37/32 port 873 -> 192.168.0.2 port 873 tcp

FTP proxy works, but h323 - now.
Kernel is compiled with options

IPFILTER
IPFILTER_LOG

tried to add BRIDGE support and others rhings like DUMMYNET - result is
the same.

Tried all systems till 6.0-CURRENT - bug remains.

Fix: 

I'm not so good in programming to patch this ;(
How-To-Repeat: 
Install base system, compile kernel with IPFILTER support, or load
IPFilter module, enable h323 proxy and get an error.
Comment 1 Tilman Keskinoz freebsd_committer 2004-08-26 23:08:33 UTC
Responsible Changed
From-To: freebsd-i386->darrenr

Over to ipfilter maintainer
Comment 2 Cy Schubert freebsd_committer 2013-07-03 06:10:54 UTC
Responsible Changed
From-To: freebsd-net->cy

Mine.
Comment 3 Eitan Adler freebsd_committer freebsd_triage 2017-12-31 08:01:14 UTC
For bugs matching the following criteria:

Status: In Progress Changed: (is less than) 2014-06-01

Reset to default assignee and clear in-progress tags.

Mail being skipped
Comment 4 Cy Schubert freebsd_committer 2020-10-28 19:24:05 UTC
I converted Darren's CVS repo into a git repo quite some time ago. Looking at the history, h323 was deleted by this commit:

commit a6f32dacc2d5c14b5e17d4792c58719449d34456
Author: darren_r <>
Date:   Thu Oct 20 22:16:06 2011 +0000

    3426558 resistence is futile

M       ipfilter/IPFILTER.LICENCE
D       ipfilter/QNX_OCL.txt
D       ipfilter/ip_h323_pxy.c
M       ipfilter/ip_proxy.c

I can get the CVS rev number if needed.