Date: Thu, 4 Nov 2004 13:16:02 +0100
From: Guido van Rooij
To: freebsd-net@freebsd.org
Message-ID: <20041104121602.GA89896@gvr.gvr.org>
Subject: dummynet setting ifp pointer in mbuf?

I am having problems combining ipf's ipnat rules with dummynet. The reason is that if I use dummynet queues configured to be used outbound (queue .... out xmit if), then ipnat starts applying rewriting of RDR rules on the wrong interface.

E.g.: the firewall has 2 interfaces: if0 and if1.
If I say:

    rdr from any to 1.2.3.4 port 22 -> 2.2.3.4 port 2222

then ipfilter should rewrite incoming packets on if0 (and outgoing packets as well).

With a dummynet rule like

    queue 2 tcp from any 22 to any out xmit if0

ipf starts rewriting on if1, which leads to blocked packets as the rewritten packet does not match the state entry for the connection.

When looking in the dummynet source I see (rev 1.75, line 1190):

    pkt->ifp = fwa->oif;

So it seems the queued packet's interface is set to the outgoing interface. But according to me, that is wrong.

Can a dummynet expert verify if my analysis is correct or come up with a real explanation if not?

-Guido