From owner-freebsd-bugs@FreeBSD.ORG Tue Feb 5 11:50:02 2008
Message-Id: <200802051143.m15Bhgqn041260@freefall.freebsd.org>
Date: Tue, 5 Feb 2008 11:43:42 GMT
From: Marius Nistor
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: kern/120290: ipfw jump rules

>Number: 120290
>Category: kern
>Synopsis: ipfw jump rules
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Tue Feb 05 11:50:02 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator: Marius Nistor
>Release: FreeBSD 6.2 release
>Organization: myshells.eu
>Environment:
FreeBSD localhost 6.2-RELEASE FreeBSD 6.2-RELEASE #0: Sun Jan 20 00:57:36 EET 2008 root@mySHELLS.eu:/usr/src/sys/i386/compile/mySHELLS i386
>Description:
Hi,

I create private IPs of this type:

    10164 allow ip from 193.64.7.151 to any uid net
    10165 allow ip from any to 193.64.7.151
    10166 allow tcp from 193.64.7.151 10000-65535,21,22,25,80,110,113,443 to any
    10167 deny ip from 193.64.7.151 to any

So that means everyone can connect to the IP on the specified ports ... but to use the IP on the internet, only uid net can do that.

The problem is: ipfw jumps rules, like:

    [11:09:54 root@localhost ~]# ipfw show
    10164 0 0 allow ip from 193.64.7.151 to any uid net
    10165 21 5166 allow ip from any to 193.64.7.151
    10166 23 1213 allow tcp from 193.64.7.151 10000-65535,21,22,25,80,110,113,443 to any
    10167 0 0 deny ip from 193.64.7.151 to any
    65535 989179 91977108 allow ip from any to any
    [11:09:56 root@localhost ~]#

So rules 10164 and 10167 are not used.

I tried

    10166 allow tcp from 193.64.7.151 10000-65535,21,22,25,80,110,113,443 to any uid net

... but the IP goes on the internet without oidentd support.

Is there any way to get help with that?
I tried for 2 days in all ways and I think it is an ipfw bug for jumping rules, because on FreeBSD 4 and 5 it was working fine.

Thank you,
Marius Nistor
>How-To-Repeat:
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
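
Added example (not part of the original report and not ipfw code): a simplified Python model of the first-match evaluation ipfw applies to a ruleset, run over the five rules listed in the report. The packets, the peer address 198.51.100.7 and the uid "alice" are constructed, and uid matching is reduced to a string comparison.

```python
# Simplified model of ipfw first-match evaluation; not ipfw source code.
from dataclasses import dataclass

@dataclass
class Rule:
    num: int
    action: str        # "allow" or "deny"
    proto: str         # "ip" matches every protocol
    src: str           # address or "any"
    dst: str
    sports: str = ""   # source ports, e.g. "10000-65535,21"; "" = any
    uid: str = ""      # "" = no uid constraint
    pkts: int = 0      # packet counter, as shown by `ipfw show`

def port_in(spec, port):
    """True if port is in a comma-separated list of ports and ranges."""
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def matches(r, pkt):
    proto, src, dst, sport, uid = pkt
    return (r.proto in ("ip", proto) and r.src in ("any", src)
            and r.dst in ("any", dst)
            and (not r.sports or port_in(r.sports, sport))
            and (not r.uid or r.uid == uid))

def evaluate(rules, packets):
    """Try rules in ascending number; the first match decides the packet."""
    verdicts = []
    for pkt in packets:
        hit = next(r for r in sorted(rules, key=lambda r: r.num) if matches(r, pkt))
        hit.pkts += 1
        verdicts.append((hit.num, hit.action))
    return verdicts

IP, PEER = "193.64.7.151", "198.51.100.7"   # PEER is a made-up remote host
def report_rules():  # the five rules listed in the report
    return [Rule(10164, "allow", "ip", IP, "any", uid="net"),
            Rule(10165, "allow", "ip", "any", IP),
            Rule(10166, "allow", "tcp", IP, "any", "10000-65535,21,22,25,80,110,113,443"),
            Rule(10167, "deny", "ip", IP, "any"),
            Rule(65535, "allow", "ip", "any", "any")]

# Constructed packets: (proto, src, dst, source port, owning uid or None).
SAMPLE = [("tcp", PEER, IP, 40000, None), ("tcp", IP, PEER, 22, "root"),
          ("tcp", IP, PEER, 51000, "alice"), ("tcp", IP, PEER, 5000, "alice")]
```

In this model the first three packets leave the counters for 10164 and 10167 at zero, because none is owned by uid net and each is accepted by 10165 or 10166 first. The fourth packet, whose source port 5000 is outside the list in rule 10166, is the only one that reaches the deny in 10167.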