Date: Fri, 02 Nov 2001 15:55:15 +0100 From: Jonas =?iso-8859-1?Q?B=FClow?= <jonas.bulow@servicefactory.se> To: freebsd-net@freebsd.org Subject: FreeBSD 4.4, Bug in IPFilter v3.4.20 (264), fastroute bug. Message-ID: <3BE2B3D3.EDE64681@servicefactory.se>
next in thread | raw e-mail | index | archive | help
Hi, I just found out what seems to be a bug in IPFilter 3.4.20 (and .21). Using a machine with two NICs ep0 and ep1 and the filter rule: @999 block in quick on ep1 to ep0:10.0.0.42 proto tcp from any to any port = 80 Will cause a reboot on the first packet arrival on ep1 with destination port 80. I should mention that the rule above works in v3.4.17. Any hints or suggestions to solve this? Is there any more information I should mention about the problem? Another interesting problem with fastroute is that the fastroute:ed packet will get an incorrect IP-checksum if it is used together with a PAT rules like: map ep0 10.10.0.0/24 -> 10.0.0.1/32 proxy port ftp ftp/tcp map ep0 10.10.0.0/24 -> 10.0.0.1/32 portmap tcp/udp 1025:65500 map ep0 10.10.0.0/24 -> 10.0.0.1/32 I thought fastroute:ed packets were sent directly to the outgoing interface as shown in http://coombs.anu.edu.au/ipfilter/ipfil-flow.html. It seems like the NAT engine in some way corrupts fastroute:ed packets anyway. Has anyone else experienced problems similar to this? I have searched the IPFilter mail archive briefly without finding any similar problems so I hope it's not an FAQ item. :-) regards, jonas To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3BE2B3D3.EDE64681>