From owner-freebsd-stable Fri Sep 22 2:51:57 2000
Delivered-To: freebsd-stable@freebsd.org
Received: from guard.polynet.lviv.ua (Guard.PolyNet.Lviv.UA [209.58.62.194])
    by hub.freebsd.org (Postfix) with SMTP id 8AE1B37B423
    for ; Fri, 22 Sep 2000 02:51:49 -0700 (PDT)
Received: (qmail 58920 invoked from network); 22 Sep 2000 09:51:44 -0000
Received: from unknown (HELO postoffice.polynet.lviv.ua) (unknown)
    by unknown with SMTP; 22 Sep 2000 09:51:44 -0000
Received: (qmail 6745 invoked by uid 1001); 22 Sep 2000 09:51:43 -0000
Date: Fri, 22 Sep 2000 12:51:43 +0300
From: Adrian Pavlykevych
To: Bill Fumerola
Cc: stable@freebsd.org, luigi@labinfo.iet.unipi.it
Subject: Re: Strange behavior of ipfw "fwd" rule
Message-ID: <20000922125143.A1633@polynet.lviv.ua>
References: <20000921180334.D10274@polynet.lviv.ua> <20000921111100.I66839@jade.chc-chimes.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.1.11i
In-Reply-To: <20000921111100.I66839@jade.chc-chimes.com>; from billf@chimesnet.com on Thu, Sep 21, 2000 at 11:11:00AM -0400
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Thu, Sep 21, 2000 at 11:11:00AM -0400, Bill Fumerola wrote:
> On Thu, Sep 21, 2000 at 06:03:35PM +0300, Adrian Pavlykevych wrote:
>
> > I'm experiencing strange problem with "fwd" rules of ipfw
> >
> > When I configure ipfw with following rule:
> > "fwd 127.0.0.1,23 tcp from any to any"
> > to provide transparent proxy, first time the rule is triggered,
> > machine loses all IP connectivity.
>
> That's because you're telling ipfw to take EVERY tcp packet and cram
> it into that transparent proxy, which obviously isn't what you want.
>
> More likely you want something like
>
> fwd 127.0.0.1,8080 tcp from any to any 80

Well, that's what happens, when someone writes emails in frustration :-)

Of course I'm using rule like:
---------------------------
add 300 allow tcp from 192.168.0.14/32 to 192.168.0.0/16 via de0
add allow tcp from 192.168.0.0/16 to 192.168.0.14/32 via de0
add fwd 127.0.0.1,23 tcp from 0.0.0.0/0 to 0.0.0.0/0 23 via de0
add fwd 127.0.0.1,2221 tcp from 0.0.0.0/0 to 0.0.0.0/0 22 via de0
add fwd 127.0.0.1,21 tcp from 0.0.0.0/0 to 0.0.0.0/0 21 via de0
add fwd 127.0.0.1,110 tcp from 0.0.0.0/0 to 0.0.0.0/0 110 via de0
add fwd 127.0.0.1,6667 tcp from 0.0.0.0/0 to 0.0.0.0/0 6667 via de0
add fwd 127.0.0.1,6791 tcp from 0.0.0.0/0 to 0.0.0.0/0 6791 via de0
add fwd 127.0.0.1,2401 tcp from 0.0.0.0/0 to 0.0.0.0/0 2401 via de0
add fwd 127.0.0.1,5999 tcp from 0.0.0.0/0 to 0.0.0.0/0 5999 via de0
---------------------------

But the problem is real. Any hit on "fwd" rule and entire machine is cut off
_including_ ping (which shouldn't be affected by "tcp" rules, right?)

--
Adrian Pavlykevych                       email:
System Administrator                     phone/fax: +380 (322) 742041
State University "Lvivska Polytechnica"

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
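
The distinction drawn in the quoted reply, between a "fwd" rule with no destination port and one scoped to a port, can be checked over a ruleset file before it is loaded. This Python check is an added example, not part of the original message or of ipfw; it assumes the rule layout seen in this thread (`[add] [number] fwd addr,port proto from src to dst [ports] ...`) with numeric ports only, and the names `parse_fwd` and `audit` are hypothetical.

```python
import re

# Rules taken from the thread: the unscoped rule from the first message,
# the suggested port-scoped form, and two lines of the posted ruleset.
RULES = """\
add fwd 127.0.0.1,23 tcp from any to any
add fwd 127.0.0.1,8080 tcp from any to any 80
add 300 allow tcp from 192.168.0.14/32 to 192.168.0.0/16 via de0
add fwd 127.0.0.1,2221 tcp from 0.0.0.0/0 to 0.0.0.0/0 22 via de0
"""

PORTS = re.compile(r"^\d+(?:[,-]\d+)*$")  # numeric port, list or range (assumption)
ANY = {"any", "0.0.0.0/0"}                # both spellings of "any address" used in the thread

def parse_fwd(rule):
    """Return a dict describing an ipfw 'fwd' rule, or None for any other line."""
    tok = rule.split()
    if tok and tok[0] == "add":           # optional leading 'add' (ruleset file form)
        tok = tok[1:]
    if tok and tok[0].isdigit():          # optional explicit rule number
        tok = tok[1:]
    if len(tok) < 7 or tok[0] != "fwd" or tok[3] != "from" or "to" not in tok:
        return None
    to = tok.index("to")
    dst = tok[to + 1] if len(tok) > to + 1 else ""
    nxt = tok[to + 2] if len(tok) > to + 2 else ""
    dst_ports = nxt if PORTS.match(nxt) else None   # 'via', 'in', ... are not ports
    return {"target": tok[1], "proto": tok[2], "dst": dst, "dst_ports": dst_ports,
            # any destination address and no destination port: every packet of
            # this protocol that reaches the rule is redirected to the target
            "catch_all": dst in ANY and dst_ports is None}

def audit(ruleset):
    """Return (line_number, rule) for each fwd rule that has no destination port."""
    hits = []
    for n, line in enumerate(ruleset.splitlines(), 1):
        info = parse_fwd(line)
        if info and info["catch_all"]:
            hits.append((n, line.strip()))
    return hits

if __name__ == "__main__":
    for n, rule in audit(RULES):
        print(f"line {n}: fwd rule has no destination port: {rule}")
```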