Date: Mon, 22 Sep 2008 16:24:52 +0200
From: Pawel Jakub Dawidek <pjd@FreeBSD.org>
To: Roman Kurakin <rik@inse.ru>
Cc: Max Laier <max@love2party.net>, freebsd-net@freebsd.org
Subject: Re: Firewall redirect doesn't work any more...
Message-ID: <20080922142452.GC6797@garage.freebsd.pl>
In-Reply-To: <48D7A797.6070009@inse.ru>
References: <20080919075633.GA4333@garage.freebsd.pl> <20080919121602.GC4333@garage.freebsd.pl> <200809191538.02698.max@love2party.net> <20080922102209.GB2468@garage.freebsd.pl> <48D79E1C.3060003@inse.ru> <20080922134830.GA6797@garage.freebsd.pl> <48D7A797.6070009@inse.ru>

On Mon, Sep 22, 2008 at 06:11:35PM +0400, Roman Kurakin wrote:
> Pawel Jakub Dawidek wrote:
> >On Mon, Sep 22, 2008 at 05:31:08PM +0400, Roman Kurakin wrote:
> >
> >>So, could you draw your connections and related firewall rules. And the
> >>one you are trying to set up. I will also try to update the machine to
> >>the most recent 7 to see if my setup will stop working. Currently
> >>machine runs early September checkout.
> >>
> >
> >client (10.0.1.1) -----> bridge (10.0.5.123) -----> server (10.0.0.2)
> >
> >ifnet = "bridge0"
> >rdr on $ifnet proto tcp from any to any port 12345 -> 10.0.5.123 port 12345
> >rdr on $ifnet proto udp from any to any port 12345 -> 10.0.5.123 port 12345
> >
> Try also to play with stateful switches for pf. [...]

Adding the following made even UDP non-working:

pass in on $ifnet proto udp from any to any keep state

For TCP there was no difference.

> [...] By the way do you have any global that affects
> defaults?

Besides net.inet.ip.forwarding=1, no, although I tried various settings
for net.link.bridge.*.

> >Although it works even with bridge0 and TCP connections, but when bridge
> >machine is treated as gateway, e.g.
> >
> >server# nc -l 12345
> >client# route add 1.0.0.0/24 10.0.5.123
> >client# nc 10.0.0.2 12345
> >
> And what about ipfw variant?

For the first (bridge) case ipfw didn't work at all. No packets were
redirected. I haven't tried for the gateway case, because pf works
there.

-- 
Pawel Jakub Dawidek                       http://www.wheel.pl
pjd@FreeBSD.org                           http://www.FreeBSD.org
FreeBSD committer                         Am I Evil? Yes, I Am!