From: FreeBSD bugmaster
To: freebsd-ipfw@FreeBSD.org
Date: Mon, 7 Apr 2008 11:07:00 GMT
Subject: Current problem reports assigned to freebsd-ipfw@FreeBSD.org

Current FreeBSD problem reports

Critical problems

Serious problems

S Tracker      Resp.      Description
--------------------------------------------------------------------------------
o kern/51274   ipfw       [ipfw] [patch] ipfw2 create dynamic rules with parent
o kern/73910   ipfw       [ipfw] serious bug on forwarding of packets after NAT
o kern/74104   ipfw       [ipfw] ipfw2/1 conflict not detected or reported, manp
o kern/88659   ipfw       [modules] ipfw and ip6fw do not work properly as modul
o kern/93300   ipfw       [ipfw] ipfw pipe lost packets
o kern/95084   ipfw       [ipfw] [patch] IPFW2 ignores "recv/xmit/via any" (IPFW
o kern/97504   ipfw       [ipfw] IPFW Rules bug
o kern/97951   ipfw       [ipfw] [patch] ipfw does not tie interface details to
o kern/98831   ipfw       [ipfw] ipfw has UDP hickups
o kern/102471  ipfw       [ipfw] [patch] add tos and dscp support
o kern/103454  ipfw       [ipfw] [patch] [request] add a facility to modify DF b
o kern/106534  ipfw       [ipfw] [panic] ipfw + dummynet
o kern/112708  ipfw       [ipfw] ipfw is seems to be broken to limit number of c
o kern/117234  ipfw       [ipfw] [patch] ipfw send_pkt() and ipfw_tick() don't s
o kern/118993  ipfw       [ipfw] page fault - probably it's a locking problem
o kern/121955  ipfw       [ipfw] [panic] freebsd 7.0 panic with mpd

16 problems total.

Non-critical problems

S Tracker      Resp.      Description
--------------------------------------------------------------------------------
a kern/26534   ipfw       [ipfw] Add an option to ipfw to log gid/uid of who cau
o kern/46159   ipfw       [ipfw] [patch] [request] ipfw dynamic rules lifetime f
o kern/48172   ipfw       [ipfw] [patch] ipfw does not log size and flags
o kern/55984   ipfw       [ipfw] [patch] time based firewalling support for ipfw
o kern/60719   ipfw       [ipfw] Headerless fragments generate cryptic error mes
o kern/69963   ipfw       [ipfw] install_state warning about already existing en
o kern/71366   ipfw       [ipfw] "ipfw fwd" sometimes rewrites destination mac a
o kern/72987   ipfw       [ipfw] ipfw/dummynet pipe/queue 'queue [BYTES]KBytes (
o bin/78785    ipfw       [ipfw] [patch] ipfw verbosity locks machine if /etc/rc
s kern/80642   ipfw       [ipfw] [patch] ipfw small patch - new RULE OPTION
o kern/82724   ipfw       [ipfw] [patch] [request] Add setnexthop and defaultrou
o kern/86957   ipfw       [ipfw] [patch] ipfw mac logging
o kern/87032   ipfw       [ipfw] [patch] ipfw ioctl interface implementation
o kern/91847   ipfw       [ipfw] ipfw with vlanX as the device
o kern/103328  ipfw       [ipfw] [request] sugestions about ipfw table
o kern/104682  ipfw       [ipfw] [patch] Some minor language consistency fixes a
o bin/104921   ipfw       [patch] ipfw(8) sometimes treats ipv6 input as ipv4 (a
o kern/105330  ipfw       [ipfw] [patch] ipfw (dummynet) does not allow to set q
o kern/107305  ipfw       [ipfw] ipfw fwd doesn't seem to work
o kern/111713  ipfw       [dummynet] [request] Too few dummynet queue slots
o kern/112561  ipfw       [ipfw] ipfw fwd does not work with some TCP packets
p kern/113388  ipfw       [ipfw][patch] Addition actions with rules within speci
o docs/113803  ipfw       [patch] ipfw(8) - don't get bitten by the fwd rule
o bin/115172   ipfw       [patch] ipfw(8) list show some rules with a wrong form
p kern/115755  ipfw       [ipfw][patch] unify message and add a rule number wher
o kern/116009  ipfw       [ipfw] [patch] Ignore errors when loading ruleset from
o kern/121122  ipfw       [ipfw] [patch] add support to ToS IP PRECEDENCE fields
o kern/121382  ipfw       [dummynet]: 6.3-RELEASE-p1 page fault in dummynet (cor
s kern/121807  ipfw       [request] TCP and UDP port_table in ipfw

29 problems total.


From: John Mok
To: freebsd-ipfw@freebsd.org
Date: Tue, 08 Apr 2008 22:29:09 +0800
Subject: Multihome policy routing

Hi,

I tried to set up an FTP server running on FreeBSD 4.11 as follows :-

  (DMZ subnet)     61.1.1.1/27
  ---------------- Firewall ---------- Internet
  |                   |10.144.1.1/24
  |                   |(Intranet)
  |                   |
  |61.1.1.3/27 em1    |     10.144.1.254
FTP server -----------------router
       10.144.1.10/24 em0

The following routing and ipfw rules are added on the FTP server :-

#route add default 61.1.1.1
#ipfw add 101 fwd 10.144.1.254 ip from 10.144.1.10 to any
#ipfw add 201 fwd 61.1.1.1 ip from 61.1.1.3 to any

When I tried to connect from a host (e.g. 10.144.1.10) to the DMZ
interface 61.1.1.3 of the FTP server via the gateway 10.144.1.1, it
failed. However, when I shut down the interface 10.144.1.10, it
succeeded. The routing was NOT symmetric.

My question is when FreeBSD can set up two routing tables and do
something like Linux as follows :-

ip route add default nexthop via 61.1.1.1 dev em1 table T1
ip route add default nexthop via 10.144.1.254 dev em0 table T2

ip route add 0/0 dev em1 table T1
ip route add 0/0 dev em0 table T2

Thus, the symmetric routing is maintained, when a host (e.g.
10.144.1.10) connects to 61.1.1.3 via 10.144.1.1.

Thanks a lot.

John Mok


From: Achim Patzner
To: John Mok
Cc: freebsd-ipfw@freebsd.org
Date: Tue, 8 Apr 2008 17:46:49 +0200
Subject: Re: Multihome policy routing

On 08.04.2008 at 16:29, John Mok wrote:
>
> My question is when FreeBSD can set up two routing tables and do
> something like Linux as follows :-
>
> ip route add default nexthop via 61.1.1.1 dev em1 table T1
> ip route add default nexthop via 10.144.1.254 dev em0 table T2

Use ipfw fwd. And feel happy about the fact it's not Mac OS - they
just broke that.

Achim
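
Added example, not part of the original thread and not FreeBSD code: a small Python model of the FTP server's next-hop choice, comparing plain destination-based routing with the source-based override that rules 101 and 201 are meant to provide. The client address 10.144.1.50 and the simplified lookup logic are assumptions; the model does not reproduce the FreeBSD 4.11 kernel, so it shows what the rules are intended to achieve, not why they failed on the poster's host.

```python
import ipaddress as ip

# Constructed model of the FTP server in the thread. Addresses and rules come
# from John Mok's message; the simplified lookup logic is an assumption.
IFACES = {"em1": ip.ip_interface("61.1.1.3/27"),
          "em0": ip.ip_interface("10.144.1.10/24")}
DEFAULT_GW = ip.ip_address("61.1.1.1")

# The two ipfw fwd rules from the message: (rule number, next hop, source).
FWD_RULES = [(101, "10.144.1.254", "10.144.1.10"),
             (201, "61.1.1.1", "61.1.1.3")]


def route_lookup(dst, up):
    """Destination-based lookup: connected networks first, then default."""
    dst = ip.ip_address(dst)
    for name in up:
        if dst in IFACES[name].network:
            return name, dst              # on-link: deliver directly
    for name in up:
        if DEFAULT_GW in IFACES[name].network:
            return name, DEFAULT_GW
    return None, None


def egress(src, dst, rules=(), up=("em1", "em0")):
    """Return (interface, next hop) for a packet leaving the server.

    The lowest-numbered fwd rule whose source matches replaces the next hop;
    the interface is then found by an ordinary lookup of that next hop.
    """
    for _num, nexthop, rule_src in sorted(rules):
        if ip.ip_address(src) == ip.ip_address(rule_src):
            return route_lookup(nexthop, up)
    return route_lookup(dst, up)


def symmetric(client, server_addr, rules=(), up=("em1", "em0")):
    """True if the reply leaves on the interface that owns server_addr."""
    name, _ = egress(server_addr, client, rules, up)
    return name is not None and IFACES[name].ip == ip.ip_address(server_addr)


if __name__ == "__main__":
    client = "10.144.1.50"                # constructed intranet host
    for label, kw in [("no fwd rules", {}), ("rules 101 and 201", {"rules": FWD_RULES}),
                      ("em0 down", {"up": ("em1",)})]:
        print(label, egress("61.1.1.3", client, **kw), symmetric(client, "61.1.1.3", **kw))
```

In this model, a reply from 61.1.1.3 to an intranet client leaves em0 directly when no fwd rule applies, bypassing the firewall that carried the request. With rule 201 in place, or with em0 down, it leaves em1 toward 61.1.1.1.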