From owner-freebsd-net@FreeBSD.ORG  Fri Dec  4 08:48:30 2009
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 78D2B10656C4
	for <freebsd-net@freebsd.org>; Fri,  4 Dec 2009 08:48:30 +0000 (UTC)
	(envelope-from lytboris@gmail.com)
Received: from mail-fx0-f218.google.com (mail-fx0-f218.google.com
	[209.85.220.218])
	by mx1.freebsd.org (Postfix) with ESMTP id 14A7F8FC23
	for <freebsd-net@freebsd.org>; Fri,  4 Dec 2009 08:48:29 +0000 (UTC)
Received: by fxm10 with SMTP id 10so2202257fxm.34
	for <freebsd-net@freebsd.org>; Fri, 04 Dec 2009 00:48:29 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
	h=domainkey-signature:mime-version:received:date:message-id:subject
	:from:to:content-type;
	bh=+qiEgBMgssWpOh82vmFk6CJvUpcHs/vJ1liNQUacGeQ=;
	b=IRDLXkC9a19bmNdibpP+pX+poz/AJQNEQ1F2VSABpFIILNTfku+BBaZiBxH2VSlTOP
	itibtSTJQUyGtq1jqbnIeXkJMYdmnCQLPWBetLnRqcLHcRCfoZhZSfsRotagRhgqTvDT
	tUFoOoAXSiUCSMQ9/gCZhK7rSk3ZxhNybVm+E=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma;
	h=mime-version:date:message-id:subject:from:to:content-type;
	b=TvDCkZw9nAVP5bWKyFsj8TUTXRK0OVI5OZJ0jAAhxSYLfDpmIU/N7EBNF3jMClml2q
	v2iTV3lwzx1+KHgbsruaBX/b32dk++14CNCzheOmsCIeRCAaGrD3S80rOWMqUwylzZKq
	nAZ5rGkPX3MpqQmYybZpqJVP4L1Fc2YL6/+RI=
MIME-Version: 1.0
Received: by 10.239.156.14 with SMTP id k14mr263794hbc.181.1259915200638; Fri, 
	04 Dec 2009 00:26:40 -0800 (PST)
Date: Fri, 4 Dec 2009 11:26:40 +0300
Message-ID: <933fa9790912040026j6ca450c5qb355cf7f9efcdeb@mail.gmail.com>
From: Lytochkin Boris <lytboris@gmail.com>
To: freebsd-net@freebsd.org
Content-Type: text/plain; charset=ISO-8859-1
Subject: FreeBSD 8: ipfw fwd and pf's route-to (reply-to) broken?
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 04 Dec 2009 08:48:30 -0000

Hi!

It seems that FreeBSD 8 has ipfw fwd and pf's route-to malfunctioning:
1) ipfw fwd
a) net.inet.ip.forwarding = 0
   Then packets altered by fwd rule are silently dropped somewhere
between ip_output() checking forward tag and bpf (tcpdump does not
show these packets)
b) net.inet.ip.forwarding = 1
   Packets altered by fwd rule are forwarded according to normal
routing table (in my case they were forwarded to default gateway), not
fwd statement

2) pf route-to
Both values of net.inet.ip.forwarding replicates 1b case.


Sample configs

1) ipfw
add 60 fwd 10.60.128.254 ip from 10.60.128.0/24 to any out
add 65534 allow ip from any to any

2) pf
scrub in all fragment reassemble
pass in all flags S/SA keep state
pass out quick route-to (em0 10.60.128.254) inet from 10.60.128.0/24
to any flags S/SA keep state

~>uname -a
FreeBSD thost 8.0-PRERELEASE FreeBSD 8.0-PRERELEASE #5: Wed Dec  2
13:43:48 MSK 2009     root@thost:/usr/obj/usr/src/sys/CSUP  amd64


-- 
Regards,
Boris Lytochkin