Date: Thu, 4 Nov 2004 15:02:17 +0100
From: Jeremie Le Hen
To: Guido van Rooij
Cc: freebsd-net@freebsd.org
Subject: Re: dummynet setting ifp pointer in mbuf?
Message-ID: <20041104140217.GS10641@sitadelle.com>
References: <20041104121602.GA89896@gvr.gvr.org>
In-Reply-To: <20041104121602.GA89896@gvr.gvr.org>
List-Id: Networking and TCP/IP with FreeBSD

Hi Guido,

this is a known problem on RELENG_4, there is an existing patch [1] for
this in the PR database. Which version of FreeBSD are you using? I don't
know if this problem has been corrected in RELENG_5.

[1] http://www.freebsd.org/cgi/query-pr.cgi?pr=kern/61685

Regards,
Jeremie

On Thu, Nov 04, 2004 at 01:16:02PM +0100, Guido van Rooij wrote:
>
> I am having problems combining ipf's ipnat rules with dummynet. The
> reason is that if I use dummynet queues configured to
> be used outbound (queue .... out xmit if), then ipnat starts
> applying rewriting of RDR rules on the wrong interface.
>
> e.g.:
> firewall has 2 interfaces: if0 and if1
> if I say:
> rdr from any to 1.2.3.4 port 22 -> 2.2.3.4 port 2222
> then ipfilter should rewrite incoming packets on if0 (and
> outgoing packets as well).
> With a dummynet rule like
> queue 2 tcp from any 22 to any out xmit if0
> ipf starts rewriting on if1, which leads to blocked packets as
> the rewritten packet does not match the state entry for the connection.
>
> When looking in the dummynet source I see (rev 1.75, line 1190):
> pkt->ifp = fwa->oif;
> So it seems the queued packet's interface is set to the outgoing interface.
> But according to me, that is wrong.
>
> Can a dummynet expert verify if my analysis is correct or come up
> with a real explanation if not?
>
> -Guido

-- 
Jeremie Le Hen
jeremie@le-hen.org