From owner-freebsd-net@FreeBSD.ORG Mon Dec 7 19:40:58 2009
Return-Path:
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 5D45F1065676 for ; Mon, 7 Dec 2009 19:40:58 +0000 (UTC) (envelope-from max@love2party.net)
Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.17.8]) by mx1.freebsd.org (Postfix) with ESMTP id E8C848FC24 for ; Mon, 7 Dec 2009 19:40:57 +0000 (UTC)
Received: from vampire.homelinux.org (dslb-088-064-179-227.pools.arcor-ip.net [88.64.179.227]) by mrelayeu.kundenserver.de (node=mrbap2) with ESMTP (Nemesis) id 0Linfx-1NnUQv41i1-00cr5z; Mon, 07 Dec 2009 20:40:57 +0100
Received: (qmail 26405 invoked from network); 7 Dec 2009 19:40:56 -0000
Received: from f8x64.laiers.local (192.168.4.188) by mx.laiers.local with SMTP; 7 Dec 2009 19:40:56 -0000
From: Max Laier
Organization: FreeBSD
To: freebsd-net@freebsd.org
Date: Mon, 7 Dec 2009 20:40:56 +0100
User-Agent: KMail/1.12.1 (FreeBSD/8.0-RELEASE; KDE/4.3.1; amd64; ; )
References: <933fa9790912040047k64aa11a7s736688e7382725ad@mail.gmail.com>
In-Reply-To: <933fa9790912040047k64aa11a7s736688e7382725ad@mail.gmail.com>
MIME-Version: 1.0
Content-Type: Text/Plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id: <200912072040.56524.max@love2party.net>
X-Provags-ID: V01U2FsdGVkX18mpdZjPm+c57+eX/1GVWlpKLMBCK8L5KUW97n qeI7sxZziwrrLqC6MSCdIF6b1ya00YCSE9ZfVsv5p6pNTr3k+x nbqHvv3K3Aenfzi7IY4Wg==
Cc: Lytochkin Boris
Subject: Re: FreeBSD 8: ipfw fwd and pf route-to broken?
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Mon, 07 Dec 2009 19:40:58 -0000

On Friday 04 December 2009 09:47:37 Lytochkin Boris wrote:
> It seems that FreeBSD 8 has ipfw fwd and pf's route-to malfunctioning:
> 1) ipfw fwd
> a) net.inet.ip.forwarding = 0
> Packets altered by fwd rule are silently dropped somewhere
> between ip_output() checking forward tag and bpf (tcpdump does not
> show these packets)
> b) net.inet.ip.forwarding = 1
> Packets altered by fwd rule are forwarded according to normal
> routing table (in my case they were forwarded to default gateway), not
> fwd statement
>
> 2) pf route-to
> Both values of net.inet.ip.forwarding replicate the 1b case.
>
> Sample configs
>
> 1) ipfw
> add 60 fwd 10.60.128.254 ip from 10.60.128.0/24 to any out
> add 65534 allow ip from any to any
>
> 2) pf
> scrub in all fragment reassemble
> pass in all flags S/SA keep state
> pass out quick route-to (em0 10.60.128.254) inet from 10.60.128.0/24
> to any flags S/SA keep state

I cannot reproduce this. My (cursory) test on a r197983 install suggests that route-to is working as it should. Your rules are a bit strange and might result in asymmetric states that can result in dropped tcp-sessions, but the basic route-to is correct.

Can you share more details about your setup: netstat -rnfinet, pfctl -vvsr (after passing some traffic that was supposed to hit the route-to rule) and how exactly your default gateway and the alternative router are connected to your pf-box?

Thanks in advance.

-- 
Max
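The 1b symptom in the report is that packets follow the normal routing table instead of the fwd / route-to next hop. A quick way to tell the two apart when reading the `netstat -rnfinet` output Max asks for is to do the same longest-prefix match the kernel does and compare the result with the policy next hop. The script below is an added example and is not code from either message in this thread; the routing table it parses is constructed and its column layout (Destination, Gateway, Flags, Refs, Use, Netif, Expire) is assumed to match FreeBSD's `netstat -rn`, with `link#N` marking a directly connected route. The only value taken from the thread is the next hop 10.60.128.254; the default gateway and interface names are made up.

```python
import ipaddress

# Constructed sample laid out like FreeBSD `netstat -rnfinet`. The column
# layout is an assumption of this example, not output from the reporter's
# box. 10.60.128.254 is the next hop named by the ipfw fwd / pf route-to
# rules in the thread; the default gateway and second interface are invented.
SAMPLE_NETSTAT = """\
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            192.0.2.1          UGS         0     1234    em1
10.60.128.0/24     link#1             U           0      456    em0
10.60.128.1        link#1             UHS         0        0    lo0
127.0.0.1          link#3             UH          0       12    lo0
192.0.2.0/24       link#2             U           0       78    em1
"""

POLICY_NEXT_HOP = "10.60.128.254"


def parse_routes(text):
    """Return (network, gateway, netif) tuples from netstat -rn style text.

    Rows before the 'Destination' header line are skipped; 'default' is
    treated as 0.0.0.0/0 and a bare host address as a /32.
    """
    routes = []
    in_table = False
    for line in text.splitlines():
        cols = line.split()
        if not cols:
            continue
        if cols[0] == "Destination":
            in_table = True
            continue
        if not in_table or len(cols) < 6:
            continue
        dest, gateway, netif = cols[0], cols[1], cols[5]
        net = ipaddress.ip_network("0.0.0.0/0" if dest == "default" else dest,
                                   strict=False)
        routes.append((net, gateway, netif))
    return routes


def lookup(routes, dst):
    """Longest-prefix match: the path ip_output() takes when no fwd/route-to applies."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, gateway, netif in routes:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway, netif)
    return best


def check_policy_route(routes, dst, policy_hop=POLICY_NEXT_HOP):
    """Compare plain routing with the policy next hop for one destination.

    Returns (next_hop, netif, diverges). For a directly connected route
    (gateway 'link#N') the next hop is the destination itself. diverges is
    True when the routing table alone would not hand the packet to
    policy_hop, so a tcpdump showing it leave towards next_hop on netif is
    the 1b symptom (fwd/route-to ignored) rather than correct behaviour.
    """
    hit = lookup(routes, dst)
    if hit is None:
        return None
    _net, gateway, netif = hit
    next_hop = dst if gateway.startswith("link#") else gateway
    return next_hop, netif, next_hop != policy_hop


if __name__ == "__main__":
    table = parse_routes(SAMPLE_NETSTAT)
    for dst in ("198.51.100.7", "10.60.128.77", "10.60.128.254"):
        next_hop, netif, diverges = check_policy_route(table, dst)
        verdict = "differs from" if diverges else "matches"
        print(f"{dst}: table sends via {next_hop} on {netif}; "
              f"{verdict} policy hop {POLICY_NEXT_HOP}")
```

Run against a real `netstat -rnfinet` capture, a destination whose table next hop is the default gateway while the packet was supposed to match the fwd / route-to rule is the case to look at in `pfctl -vvsr` counters: if the rule's packet counter does not move, the rule was never evaluated for that traffic.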