From owner-freebsd-stable Sun Nov 17 14:36:36 2002 Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 96A2737B401; Sun, 17 Nov 2002 14:36:34 -0800 (PST) Received: from exchange.corp.cre8.com (ns.cre8.com [216.135.81.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id B8FA943E42; Sun, 17 Nov 2002 14:36:33 -0800 (PST) (envelope-from sullrich@CRE8.COM) Received: by exchange.corp.cre8.com with Internet Mail Service (5.5.2653.19) id <4G1JKRDV>; Sun, 17 Nov 2002 17:44:38 -0500 Message-ID: <2F6DCE1EFAB3BC418B5C324F13934C9601D23C35@exchange.corp.cre8.com> From: Scott Ullrich To: 'Archie Cobbs' , Scott Ullrich , "'guido@freebsd.org'" Cc: "'greg.panula@dolaninformation.com'" , David Kelly , FreeBSD-stable@FreeBSD.ORG Subject: RE: IPsec/gif VPN tunnel packets on wrong NIC in ipfw? Date: Sun, 17 Nov 2002 17:44:38 -0500 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG I have reverted back to revision 1.130.2.39 of ip_input.c and that solved my issues! Guido, I am running IPFW2. If there is anything you need from me to help fix this issue, please let me know. Thanks again Archie for giving me the pointers of which file to revert. -Scott -----Original Message----- From: Archie Cobbs [mailto:archie@dellroad.org] Sent: Sunday, November 17, 2002 2:56 PM To: Scott Ullrich Cc: 'greg.panula@dolaninformation.com'; David Kelly; FreeBSD-stable@FreeBSD.ORG Subject: Re: IPsec/gif VPN tunnel packets on wrong NIC in ipfw? Scott Ullrich wrote: > I am also having this same problem. If I revert back to 4.7 RELEASE > the problem goes away. > > Anyone have an idea of what changed the default behavior between 4.7 > RELEASE and STABLE or if there is a better workaround other than > adding a rule before the divert statement allowing the internal > networks to talk? Try reverting rev. 1.130.2.40 of netinet/ip_input.c (there may be other files in this commit; didn't look (you could do it by time)). This is just a guess because it seems like it might be relevant. http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet/ip_input.c?only_with_t ag=RELENG_4 -Archie __________________________________________________________________________ Archie Cobbs * Packet Design * http://www.packetdesign.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message