From owner-freebsd-stable  Sat Mar  3 17:37:39 2001
Delivered-To: freebsd-stable@freebsd.org
Received: from shemp.palomine.net (shemp.palomine.net [205.198.88.200])
	by hub.freebsd.org (Postfix) with SMTP id 666E437B71A
	for <stable@freebsd.org>; Sat,  3 Mar 2001 17:37:36 -0800 (PST)
	(envelope-from cjohnson@palomine.net)
Received: (qmail 49901 invoked by uid 1000); 4 Mar 2001 01:37:34 -0000
Date: Sat, 3 Mar 2001 20:37:33 -0500
From: Chris Johnson <cjohnson@palomine.net>
To: stable@freebsd.org
Subject: Did ipfw fwd just break?
Message-ID: <20010303203733.A49750@palomine.net>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="EeQfGwPcQSOJBaQU"
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG


--EeQfGwPcQSOJBaQU
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

For a long time I've been running a transparent SMTP proxy on my firewall,
using this rule:

ipfw fwd 127.0.0.1 tcp from any to any 25 in recv fxp0

It's always worked just as I expected.

I updated my system today (the previous update was on February 12), and now,
even though "ipfw show" indicates that the above rule is matching, the
connection goes right through to its original destination (i.e. it's not
forwarded to 127.0.0.1) just as if the rule weren't there. Just prior to
rebooting the newly updated system, the SMTP connections were forwarded to
127.0.0.1, exactly according to plan.

$ uname -a
FreeBSD norton.palomine.net 4.2-STABLE FreeBSD 4.2-STABLE #0: Sat Mar  3 17:05:39 EST 2001     cjohnson@norton.palomine.net:/usr/obj/usr/src/sys/NORTON  i386

I'm using natd to connect my private network to the Internet. I haven't made
any changes to my firewall rules, and the only kernel configuration option I
made was to add the PPS_SYNC option, which I don't see breaking any ipfw stuff.

Chris Johnson

--EeQfGwPcQSOJBaQU
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (FreeBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE6oZxdyeUEMvtGLWERAtMmAJ9lLsuJyvhbEyaKFYIY9a+YGes1JQCfUvjz
PPzuzFNoj8FGp/6gQSAYodw=
=QdJf
-----END PGP SIGNATURE-----

--EeQfGwPcQSOJBaQU--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message