From owner-freebsd-ipfw@FreeBSD.ORG Mon Feb 3 11:06:48 2014
Date: Mon, 3 Feb 2014 11:06:47 GMT
From: FreeBSD bugmaster
To: freebsd-ipfw@FreeBSD.org
Subject: Current problem reports assigned to freebsd-ipfw@FreeBSD.org

Note: to view an individual PR, use:
  http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).

The following is a listing of current problems submitted by FreeBSD users.
These represent problem reports covering all versions including
experimental development code and obsolete releases.

S Tracker      Resp.      Description
--------------------------------------------------------------------------------
o kern/180731  ipfw       [ipfw] problem with displaying 255.255.255.255 address
o kern/180729  ipfw       [ipfw] ipfw nat show empty output
o kern/178482  ipfw       [ipfw] logging problem from vnet jail
o kern/178480  ipfw       [ipfw] dynamically loaded ipfw with a vimage kernel do
o kern/178317  ipfw       [ipfw] ipfw options need to specifed in specific order
o kern/177948  ipfw       [ipfw] ipfw fails to parse port ranges (p1-p2) for udp
o kern/176503  ipfw       [ipfw] ipfw layer2 problem
o conf/167822  ipfw       [ipfw] [patch] start script doesn't load firewall_type
o kern/166406  ipfw       [ipfw] ipfw does not set ALTQ identifier for ipv6 traf
o kern/165939  ipfw       [ipfw] bug: incomplete firewall rules loaded if tables
o kern/165190  ipfw       [ipfw] [lo] [patch] loopback interface is not marking
o kern/158066  ipfw       [ipfw] ipfw + netgraph + multicast = multicast packets
o kern/157689  ipfw       [ipfw] ipfw nat config does not accept nonexistent int
f kern/155927  ipfw       [ipfw] ipfw stops to check packets for compliance with
o bin/153252   ipfw       [ipfw][patch] ipfw lockdown system in subsequent call
o kern/153161  ipfw       [ipfw] does not support specifying rules with ICMP cod
o kern/148827  ipfw       [ipfw] divert broken with in-kernel ipfw
o kern/148430  ipfw       [ipfw] IPFW schedule delete broken.
o kern/148091  ipfw       [ipfw] ipfw ipv6 handling broken.
f kern/143973  ipfw       [ipfw] [panic] ipfw forward option causes kernel reboo
o kern/143621  ipfw       [ipfw] [dummynet] [patch] dummynet and vnet use result
o kern/137346  ipfw       [ipfw] ipfw nat redirect_proto is broken
o kern/137232  ipfw       [ipfw] parser troubles
o kern/127230  ipfw       [ipfw] [patch] Feature request to add UID and/or GID l
f kern/122963  ipfw       [ipfw] tcpdump does not show packets redirected by 'ip
s kern/121807  ipfw       [request] TCP and UDP port_table in ipfw
o kern/116009  ipfw       [ipfw] [patch] Ignore errors when loading ruleset from
o kern/104682  ipfw       [ipfw] [patch] Some minor language consistency fixes a
o kern/103454  ipfw       [ipfw] [patch] [request] add a facility to modify DF b
o kern/103328  ipfw       [ipfw] [request] sugestions about ipfw table
o kern/97951   ipfw       [ipfw] [patch] ipfw does not tie interface details to
o kern/95084   ipfw       [ipfw] [regression] [patch] IPFW2 ignores "recv/xmit/v
o kern/86957   ipfw       [ipfw] [patch] ipfw mac logging
o bin/83046    ipfw       [ipfw] ipfw2 error: "setup" is allowed for icmp, but s
o kern/82724   ipfw       [ipfw] [patch] [request] Add setnexthop and defaultrou
o bin/78785    ipfw       [patch] ipfw(8) verbosity locks machine if /etc/rc.fir
o kern/60719   ipfw       [ipfw] Headerless fragments generate cryptic error mes
s kern/55984   ipfw       [ipfw] [patch] time based firewalling support for ipfw
o kern/48172   ipfw       [ipfw] [patch] ipfw does not log size and flags
o kern/46159   ipfw       [ipfw] [patch] [request] ipfw dynamic rules lifetime f
a kern/26534   ipfw       [ipfw] Add an option to ipfw to log gid/uid of who cau

41 problems total.

From owner-freebsd-ipfw@FreeBSD.ORG Thu Feb 6 00:24:57 2014
Date: Wed, 5 Feb 2014 17:08:24 -0700
From: John Nielsen
To: "freebsd-stable@freebsd.org Stable"
Cc: freebsd-ipfw@freebsd.org
Subject: IPFW fwd not working after upgrade from 9.2 to 10.0

I have been using IPFW FWD to do per-interface routing on a VM instance. The default gateway is on interface vtnet0, but there is a second interface, vtnet1, on a different network with its own public IP address. The second network has its own gateway, which I'd like to use for responses to connections coming in on vtnet1. Under 9.2, the below worked fine:

fwd ${GW2} ip from ${PUBIP2} to not table(120) out via vtnet0

Table 120 contains all the local networks for which I don't want the rule to apply.

I updated the VM to 10.0-RELEASE, with no changes to the IPFW rules or network configuration. The forwarding to the secondary router no longer works. Traffic comes in on ${PUBIP2} fine, and the counter for the IPFW rule increments, but no packets are actually sent out vtnet1. Instead, it's trying to do a weird ARP query:

# tcpdump -n -p -i vtnet1
...
16:46:33.146324 IP ${OUTSIDE_IP}.55063 > ${PUBIP2}.22: Flags [S], seq 2242981455, win 65535, options [mss 1460,nop,wscale 4,nop,nop,TS val 1978614336 ecr 0,sackOK,eol], length 0
16:46:33.146372 ARP, Request who-has ${GW1} tell ${PUBIP2}, length 28

If I try to SSH from an outside IP to the public IP on vtnet1, a response never goes out either interface (vtnet0 or vtnet1). Instead, an ARP query is going out (on vtnet1) looking for the default gateway IP, which is only reachable on vtnet0.

On the off chance this is not a bug, is there a better way I should be doing per-interface routing under FreeBSD 10? If it is a bug, can anyone suggest what might be going on here and how to track it down further?

Thanks,

JN

From owner-freebsd-ipfw@FreeBSD.ORG Thu Feb 6 00:54:54 2014
Date: Wed, 5 Feb 2014 16:54:47 -0800
From: Michael Sierchio
To: John Nielsen
Cc: "freebsd-ipfw@freebsd.org", "freebsd-stable@freebsd.org Stable"
Subject: Re: IPFW fwd not working after upgrade from 9.2 to 10.0

compile a kernel with more than the default 2 FIB tables (16 for example), and

setfib 0 route add default $GATEWAY_A
setfib 1 route add default $GATEWAY_B
setfib 2 route add default $GATEWAY_C

[ ... ]

ipfw table 1 add $NET_LAN 0
ipfw table 1 add $NET_VOIP 2
ipfw table 1 add $NET_VPN 0
ipfw table 1 add $NET_WIFI 0
ipfw table 1 add $NET_GUEST 1
ipfw table 1 add $NET_SECURITY 0
ipfw table 1 add $NET_COMMON 1
ipfw table 1 add $NET_FINANCE 1
ipfw table 1 add $NET_CORE 2
ipfw table 1 add $NET_EVENT 0

[ ... ]

ipfw add 00500 setfib tablearg ip from table\(1\) to any in lookup src-ip 1

From owner-freebsd-ipfw@FreeBSD.ORG Thu Feb 6 05:59:30 2014
Date: Wed, 5 Feb 2014 22:59:21 -0700
From: John Nielsen
To: Michael Sierchio
Cc: "freebsd-ipfw@freebsd.org", "freebsd-stable@freebsd.org Stable"
Subject: Re: IPFW fwd not working after upgrade from 9.2 to 10.0

On Feb 5, 2014, at 5:54 PM, Michael Sierchio wrote:

> compile a kernel with more than the default 2 FIB tables (16 for example), and
>
> setfib 0 route add default $GATEWAY_A
> setfib 1 route add default $GATEWAY_B
> setfib 2 route add default $GATEWAY_C
>
> [ ... ]
>
> ipfw table 1 add $NET_LAN 0
> ipfw table 1 add $NET_VOIP 2
> ipfw table 1 add $NET_VPN 0
> ipfw table 1 add $NET_WIFI 0
> ipfw table 1 add $NET_GUEST 1
> ipfw table 1 add $NET_SECURITY 0
> ipfw table 1 add $NET_COMMON 1
> ipfw table 1 add $NET_FINANCE 1
> ipfw table 1 add $NET_CORE 2
> ipfw table 1 add $NET_EVENT 0
>
> [ ... ]
>
> ipfw add 00500 setfib tablearg ip from table\(1\) to any in lookup src-ip 1

Thanks for the suggestion, but unless something has changed recently using setfib with ipfw is only effective for routed traffic, not packets that originate locally (the routing decision has already been made by the time the outgoing packet goes through ipfw).

Running specific processes with an alternate FIB could be a partial workaround but it's a lot less elegant. Really I'd like to know what's going on in 10.0 that keeps the ipfw fwd solution from working like it did in 9.2.

JN

From owner-freebsd-ipfw@FreeBSD.ORG Thu Feb 6 08:31:52 2014
Date: Thu, 06 Feb 2014 12:31:45 +0400
From: "Andrey V. Elsukov"
To: John Nielsen, "freebsd-stable@freebsd.org Stable"
Cc: freebsd-ipfw@freebsd.org
Subject: Re: IPFW fwd not working after upgrade from 9.2 to 10.0

On 06.02.2014 04:08, John Nielsen wrote:
> I have been using IPFW FWD to do per-interface routing on a VM
> instance. The default gateway is on interface vtnet0, but there is a
> second interface, vtnet1, on a different network with its own public
> IP address. The second network has its own gateway, which I'd like to
> use for responses to connections coming in on vtnet1. Under 9.2, the
> below worked fine:

Hi,

you can apply this patch:
http://svnweb.freebsd.org/base?view=revision&revision=260702

--
WBR, Andrey V. Elsukov

From owner-freebsd-ipfw@FreeBSD.ORG Thu Feb 6 10:50:41 2014
Date: Thu, 06 Feb 2014 14:50:36 +0400
From: "Andrey V. Elsukov"
To: John Nielsen, "freebsd-stable@freebsd.org Stable"
Cc: freebsd-ipfw@freebsd.org
Subject: Re: IPFW fwd not working after upgrade from 9.2 to 10.0

On 06.02.2014 12:31, Andrey V. Elsukov wrote:
> On 06.02.2014 04:08, John Nielsen wrote:
>> I have been using IPFW FWD to do per-interface routing on a VM
>> instance. The default gateway is on interface vtnet0, but there is a
>> second interface, vtnet1, on a different network with its own public
>> IP address. The second network has its own gateway, which I'd like to
>> use for responses to connections coming in on vtnet1. Under 9.2, the
>> below worked fine:
>
> Hi,
>
> you can apply this patch:
> http://svnweb.freebsd.org/base?view=revision&revision=260702

JFYI, I merged the fix from head/. You can update your system to
10-STABLE and it should work.

--
WBR, Andrey V. Elsukov

From owner-freebsd-ipfw@FreeBSD.ORG Thu Feb 6 15:20:26 2014
Date: Thu, 6 Feb 2014 08:20:14 -0700
From: John Nielsen
To: "freebsd-stable@freebsd.org Stable"
Cc: freebsd-ipfw@FreeBSD.org
Subject: Re: IPFW fwd not working after upgrade from 9.2 to 10.0

On Feb 6, 2014, at 3:50 AM, Andrey V. Elsukov wrote:

> On 06.02.2014 12:31, Andrey V. Elsukov wrote:
>> On 06.02.2014 04:08, John Nielsen wrote:
>>> I have been using IPFW FWD to do per-interface routing on a VM
>>> instance. The default gateway is on interface vtnet0, but there is a
>>> second interface, vtnet1, on a different network with its own public
>>> IP address. The second network has its own gateway, which I'd like to
>>> use for responses to connections coming in on vtnet1. Under 9.2, the
>>> below worked fine:
>>
>> Hi,
>>
>> you can apply this patch:
>> http://svnweb.freebsd.org/base?view=revision&revision=260702
>
> JFYI, I merged the fix from head/. You can update your system to
> 10-STABLE and it should work.

Thank you Andrey and Ronald. I should have looked at both the errata and the commit logs sooner. I'll patch my kernel.

JN
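
The symptom reported at the start of this thread (an ARP request on vtnet1 for a gateway that is only reachable on vtnet0) can be checked for mechanically after a kernel upgrade or patch. The following is an added example, not code from any poster or from FreeBSD; the function name, the prefixes and the sample capture (documentation addresses standing in for ${GW1}, ${GW2}, ${PUBIP2} and ${OUTSIDE_IP}) are constructed for illustration.

```python
import ipaddress
import re

# Shape of an ARP request line in `tcpdump -n` output, as quoted in the thread:
#   16:46:33.146372 ARP, Request who-has <target> tell <sender>, length 28
ARP_REQ = re.compile(r"ARP, Request who-has (\S+) tell ([^,\s]+)")

# Constructed sample of `tcpdump -n -p -i vtnet1` output (not a real capture).
# Assumed addressing: vtnet1 is 198.51.100.0/24 with PUBIP2 198.51.100.10 and
# GW2 198.51.100.1; GW1 192.0.2.1 lives on vtnet0's network.
SAMPLE_VTNET1 = [
    "16:46:33.146324 IP 203.0.113.7.55063 > 198.51.100.10.22: Flags [S], "
    "seq 2242981455, win 65535, length 0",
    "16:46:33.146372 ARP, Request who-has 192.0.2.1 tell 198.51.100.10, length 28",
    "16:46:34.150112 ARP, Request who-has 198.51.100.1 tell 198.51.100.10, length 28",
]


def off_link_arp_requests(lines, on_link_prefixes):
    """Return (target, sender) for ARP requests whose target is not on-link.

    lines            -- tcpdump -n output captured on ONE interface
    on_link_prefixes -- prefixes configured on that same interface

    A host only ARPs for addresses it believes are directly reachable on the
    outgoing interface, so a request for an off-link target means a packet
    was sent out this interface with a next hop that belongs elsewhere.
    """
    nets = [ipaddress.ip_network(p, strict=False) for p in on_link_prefixes]
    hits = []
    for line in lines:
        m = ARP_REQ.search(line)
        if not m:
            continue  # not an ARP request (e.g. the inbound SYN)
        try:
            target = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # hostname or redacted placeholder; capture with -n
        if not any(target in net for net in nets):
            hits.append((str(target), m.group(2)))
    return hits


if __name__ == "__main__":
    for target, sender in off_link_arp_requests(SAMPLE_VTNET1, ["198.51.100.0/24"]):
        print(f"off-link ARP on vtnet1: who-has {target} tell {sender}")
```

An empty result on a capture taken while an outside host connects to the vtnet1 address indicates replies are no longer being resolved against the wrong gateway.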