Date: Sun, 6 Feb 2005 02:29:21 +0100 (CET)
From: Michal Malanowicz <evild@evild.eu.org>
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: kern/77156:
Message-ID: <20050206012921.3C7721DDB7D@mail.evild.eu.org>
Resent-Message-ID: <200502060130.j161ULbm060707@freefall.freebsd.org>

>Number: 77156
>Category: kern
>Synopsis:
>Confidential: yes
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sun Feb 06 01:30:20 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:
>Release:
>Organization:
Confidential: no <FreeBSD PRs are public data>
Synopsis: FreeBSD does not redirect packets on proper interface.
Severity: [ serious ]
Priority: [ medium ]
>Environment:
>Description:
Originator: Michal Malanowicz
Class: [ sw-bug ]
Release: FreeBSD 5.2.1-RELEASE-p13 i386
Environment:
System: FreeBSD farel.evild.eu.org 5.2.1-RELEASE-p13 FreeBSD 5.2.1-RELEASE-p13 #0: Thu Feb 3 08:57:35 CET 2005 evild@blue.evild.eu.org:/usr/src/sys/i386/compile/BLUE i386
<machine, os, target, libraries (multiple lines)>
Pentium 700MHz, fxp and xl interfaces.

Description:
Consider a situation like this:

    ext_net1   ext_net2
       |          |
      fxp0      fxp1
         \      /
      freebsd_server
            |
           xl0
            |
           LAN

Gateway configured in ext_net2.
ext_net2 and ext_net1 are different IP classes.
Both ext_net2 and ext_net1 are public internet addresses.

I want to run WWW server on both external interfaces.
When packet comes from ext_net2 everything works just fine.
When packet comes from ext_net1 it uses gateway in ext_net2 to return to sender.
This is fine. Packet comes out from fxp1 with fxp0 source address.

I try to forward packets to ext_net1 gateway, to make them return the same
way as they come in using IPFW:

    ipfw add fwd $ext_net1_gateway ip from $fxp0_ip to any out

This is fine. But using IPFILTER or PF to achieve the same functionality is
pointless - they do not work. No matter how you try...

Those options are set in rc.conf:

    forward_sourceroute="YES"
    accept_sourceroute="YES"

I tried this on 4.X and on 5.X version.

How-To-Repeat:
described above.

Fix:
Use IPFW instead (but what about losing a flexible nat?)
Oh, and IPFW FWD stops working in FreeBSD 5.3 :( in such case...
>How-To-Repeat:
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted: