Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 18 Oct 2020 13:06:11 +0000
From:      bugzilla-noreply@freebsd.org
To:        bugs@FreeBSD.org
Subject:   [Bug 250434] ipfw: ipfw fwd broken in 12.2
Message-ID:  <bug-250434-227@https.bugs.freebsd.org/bugzilla/>
index | next in thread | raw e-mail 

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=250434

            Bug ID: 250434
           Summary: ipfw: ipfw fwd broken in 12.2
           Product: Base System
           Version: CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: brnrd@freebsd.org

After upgrading from 12.1-p8 adm64 to 12.2-RC2, I ran into a regression with
ipfw fwd.

My ipfw config has some fwd rules early in the ruleset to forward traffic to
service-jails.

> 00070 fwd 192.0.2.8 tcp from not 192.0.2.0/24 to 192.0.2.1 80,443
> 00071 fwd 192.0.2.2 tcp from not 192.0.2.0/24 to 192.0.2.1 25,587
> 00072 fwd 192.0.2.4 tcp from not 192.0.2.0/24 to 192.0.2.1 9001,9030
> 00073 fwd 192.0.2.11 ip from not 192.0.2.0/24 to 192.0.2.1 54321
> 00074 fwd 192.0.2.7 tcp from not me to 192.0.2.1,192.0.2.8 4242
> 00075 fwd 192.0.2.9 tcp from not 192.0.2.0/24 to 192.0.2.1 993,995

these are a work-around for the crappy Fritz!box router that can't handle
multiple IP-addresses on a single MAC.

After the 12.2 upgrade, this no longer worked. ipfw list output:

> 00070 fwd 192.0.2.8,28786 tcp from not 192.0.2.0/24 to 192.0.2.1 80,443
> 00071 fwd 192.0.2.2,28786 tcp from not 192.0.2.0/24 to 192.0.2.1 25,587
> 00072 fwd 192.0.2.4,28786 tcp from not 192.0.2.0/24 to 192.0.2.1 9001,9030
> 00073 fwd 192.0.2.11,28786 ip from not 192.0.2.0/24 to 192.0.2.1 54321
> 00074 fwd 192.0.2.7,28786 tcp from not me to 192.0.2.1,192.0.2.8 4242
> 00075 fwd 192.0.2.9,28786 tcp from not 192.0.2.0/24 to 192.0.2.1 993,995

tcpdump showed only SYN packets on the interface, nothing else.
The additional service-jail IP-addresses are also bound to the same interface
em0.

Please let me know how I can assist in solving this issue!

-- 
You are receiving this mail because:
You are the assignee for the bug.
help

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-250434-227>