From owner-freebsd-stable Mon Feb 4 5: 6:21 2002 Delivered-To: freebsd-stable@freebsd.org Received: from cage.simianscience.com (cage.simianscience.com [64.7.134.1]) by hub.freebsd.org (Postfix) with ESMTP id 95B9437B417; Mon, 4 Feb 2002 05:06:16 -0800 (PST) Received: (from root@localhost) by cage.simianscience.com (8.11.6/8.11.6) id g14D6F902056; Mon, 4 Feb 2002 08:06:15 -0500 (EST) (envelope-from mike@sentex.net) Received: from house.sentex.net (fcage [192.168.0.2]) by cage.simianscience.com (8.11.6/8.11.6av) with ESMTP id g14D6A902048; Mon, 4 Feb 2002 08:06:11 -0500 (EST) (envelope-from mike@sentex.net) Message-Id: <5.1.0.14.0.20020204080228.022ab9c0@192.168.0.12> X-Sender: mdtancsa@192.168.0.12 X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Mon, 04 Feb 2002 08:04:20 -0500 To: ru@freebsd.org From: Mike Tancsa Subject: Re: dropping 127.* on the floor Cc: stable@freebsd.org In-Reply-To: <20020203.191758.96919906.imp@village.org> References: <3C5DE578.4020409@gmx.net> <20020203152433.A5932-100000@voyager.straynet.com> <3C5DE578.4020409@gmx.net> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed X-Virus-Scanned: by AMaViS perl-10 Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Hi, Will this be backed out, or do you know of a work around to this issue? ---Mike At 07:17 PM 2/3/2002 -0700, M. Warner Losh wrote: >In message: <3C5DE578.4020409@gmx.net> > Michael Nottebrock writes: >: Greg Prosser wrote: >: >: > FWIW, my problem was a change in the ip stack. >: > >: > We now drop 127.* packets on the floor if they come in across an interface >: > that is not lo0. Since ipnat redirect rules happen below the ip stack, >: > packets which are rewritten by ipnat to use a 127.* address get dropped on >: > the floor when they enter the stack. ipnat records the redirect as having >: > worked, but the packet just disappears silently. This totally breaks >: > my transparent proxy, as I forward the connections to 127.0.0.1 via ipnat. >: >: >: Ugh. This probably means that transparent squid proxying will also break >: and _that_ scares me (no touchy cvsup for my -STABLE box). You might >: want to contact the committer about this. > >It is certainly looking like this change will be backed out. It is >well intended, but breaks too many things. :-( > >Warner > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-stable" in the body of the message -------------------------------------------------------------------- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, mike@sentex.net Providing Internet since 1994 www.sentex.net Cambridge, Ontario Canada www.sentex.net/mike To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message