Date: Mon, 29 Mar 2010 12:54:59 GMT
From: Dmitry <d_kazarov@mcm.ru>
To: freebsd-gnats-submit@FreeBSD.org
Subject: kern/145167: ipfw nat does not follow its documentation
Message-ID: <201003291254.o2TCsx2V051011@www.freebsd.org>
Resent-Message-ID: <201003291300.o2TD0Dbg057311@freefall.freebsd.org>
>Number:         145167
>Category:       kern
>Synopsis:       ipfw nat does not follow its documentation
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Mar 29 13:00:12 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator:     Dmitry
>Release:        8.0-STABLE
>Organization:
Telekom Servis T
>Environment:
FreeBSD mail.mcm.ru 8.0-STABLE FreeBSD 8.0-STABLE #0: Thu Mar 25 10:43:17 MSK 2010 root@kazarov.mcm.ru:/var/tmp/obj/usr/src/sys/MCM i386
>Description:
man ipfw says "To let the packet continue after being (de)aliased, set the sysctl variable net.inet.ip.fw.one_pass to 0."

But on my system

~[550]# sysctl net.inet.ip.fw.one_pass
net.inet.ip.fw.one_pass: 1

and testing ipfw rules with ipfwpcap showed that packets continue after nat

# ipfw show | fgrep 10007
00050 173098 71536791 allow ip from any to any tagged 10001,10003,10004,10005,10007
30200 310 185892 nat 7 tag 10007 ip from 192.168.15.0/24{232-234} to any out xmit vlan0
30201 310 185892 allow ip from any to any tagged 10007

Also, please solve kern/143653 (http://www.freebsd.org/cgi/query-pr.cgi?pr=kern/143653) - it's really annoying
>How-To-Repeat:
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted: