Date: Mon, 4 Feb 2002 15:25:19 +0200
From: Ruslan Ermilov
To: Mike Tancsa
Cc: stable@freebsd.org, Warner Losh
Subject: Re: dropping 127.* on the floor
Message-ID: <20020204152519.B58535@sunbay.com>

On Mon, Feb 04, 2002 at 08:04:20AM -0500, Mike Tancsa wrote:
> Hi,
>          Will this be backed out, or do you know of a work around to this
> issue?
>
The ip_input() part in question was committed to RELENG_4 in revision
1.130.2.20 by a different committer, about a year ago.  I think the
original poster should fix his rulesets instead.  I don't believe that
transparent proxying (using the IPFIREWALL_FORWARD) was broken by this
change, as it doesn't bind sockets to loopback addresses.

> At 07:17 PM 2/3/2002 -0700, M. Warner Losh wrote:
> >In message: <3C5DE578.4020409@gmx.net>
> >             Michael Nottebrock writes:
> >: Greg Prosser wrote:
> >:
> >: > FWIW, my problem was a change in the ip stack.
> >: >
> >: > We now drop 127.* packets on the floor if they come in across an interface
> >: > that is not lo0.  Since ipnat redirect rules happen below the ip stack,
> >: > packets which are rewritten by ipnat to use a 127.* address get dropped on
> >: > the floor when they enter the stack.  ipnat records the redirect as having
> >: > worked, but the packet just disappears silently.  This totally breaks
> >: > my transparent proxy, as I forward the connections to 127.0.0.1 via ipnat.
> >:
> >:
> >: Ugh. This probably means that transparent squid proxying will also break
> >: and _that_ scares me (no touchy cvsup for my -STABLE box). You might
> >: want to contact the committer about this.
> >
> >It is certainly looking like this change will be backed out.  It is
> >well intended, but breaks too many things. :-(
> >
> >Warner

-- 
Ruslan Ermilov		Sysadmin and DBA,
ru@sunbay.com		Sunbay Software AG,
ru@FreeBSD.org		FreeBSD committer,
+380.652.512.251	Simferopol, Ukraine

http://www.FreeBSD.org	The Power To Serve
http://www.oracle.com	Enabling The Information Age
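
The interaction discussed in this thread, as an added example that is not
part of the original messages and is not the FreeBSD ip_input() source: a
small C model of the 127/8 input check, run against a destination that a
redirect rule has already rewritten below the stack. The function names and
sample addresses are constructed for illustration, and checking both source
and destination is an assumption of the model.

```c
#include <stdint.h>
#include <stdio.h>

/* Build a host-order IPv4 address from dotted-quad octets. */
#define IP4(a, b, c, d) \
    (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | ((uint32_t)(c) << 8) | (uint32_t)(d))

/* True when the address lies in 127.0.0.0/8. */
static int in_loopback_net(uint32_t addr)
{
    return (addr >> 24) == 127u;
}

/*
 * Model of the input check described in the thread: a packet carrying a
 * 127/8 address is accepted only when the receiving interface is a
 * loopback interface (lo0). Checking both source and destination is an
 * assumption of this model. Returns 1 = accepted, 0 = dropped.
 */
int stack_accepts(uint32_t src, uint32_t dst, int rcvif_is_loopback)
{
    if (in_loopback_net(src) || in_loopback_net(dst))
        return rcvif_is_loopback ? 1 : 0;
    return 1;
}

/*
 * Hypothetical stand-in for a redirect rule applied below the stack: the
 * destination is rewritten first, and the input check then sees the new
 * destination together with the unchanged receiving interface.
 */
int accepts_after_rdr(uint32_t src, uint32_t rdr_dst, int rcvif_is_loopback)
{
    return stack_accepts(src, rdr_dst, rcvif_is_loopback);
}

int main(void)
{
    uint32_t client = IP4(198, 51, 100, 7);  /* constructed sample client */
    uint32_t nic    = IP4(192, 0, 2, 1);     /* constructed external NIC address */

    printf("rdr -> 127.0.0.1 via NIC: %s\n",
           accepts_after_rdr(client, IP4(127, 0, 0, 1), 0) ? "accepted" : "dropped");
    printf("rdr -> NIC address:       %s\n",
           accepts_after_rdr(client, nic, 0) ? "accepted" : "dropped");
    printf("local 127.0.0.1 via lo0:  %s\n",
           stack_accepts(IP4(127, 0, 0, 1), IP4(127, 0, 0, 1), 1) ? "accepted" : "dropped");
    return 0;
}
```

The second case only shows that this check does not reject a redirect to a
non-loopback address; whether that suits a given proxy setup is not stated
in the thread.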