From owner-freebsd-ipfw Wed Sep 27 3:46:51 2000
Date: Wed, 27 Sep 2000 13:46:37 +0300
From: Adrian Pavlykevych
To: ipfw@freebsd.org
Subject: "fwd" rule of IPFW freezes all IP traffic
Message-ID: <20000927134637.A24652@polynet.lviv.ua>

Hi everybody!

This is a followup to my previous post about problems with the "fwd" rule on FreeBSD 4-Stable. I'm trying to upgrade my _existing_ firewall, which uses IPFW and FWTK proxies in transparent mode.

I can confirm that the following ruleset is working on FreeBSD 3.1 and doesn't work on RELENG_4 as of Sep 21.

add 300 allow tcp from 192.168.0.14/32 to 192.168.0.0/16 via de0
add allow tcp from 192.168.0.0/16 to 192.168.0.14/32 via de0
add fwd 127.0.0.1,23 tcp from 0.0.0.0/0 to 0.0.0.0/0 23 via de0
add fwd 127.0.0.1,2221 tcp from 0.0.0.0/0 to 0.0.0.0/0 22 via de0
add fwd 127.0.0.1,21 tcp from 0.0.0.0/0 to 0.0.0.0/0 21 via de0
add fwd 127.0.0.1,110 tcp from 0.0.0.0/0 to 0.0.0.0/0 110 via de0
add fwd 127.0.0.1,6667 tcp from 0.0.0.0/0 to 0.0.0.0/0 6667 via de0
add fwd 127.0.0.1,6791 tcp from 0.0.0.0/0 to 0.0.0.0/0 6791 via de0
add fwd 127.0.0.1,2401 tcp from 0.0.0.0/0 to 0.0.0.0/0 2401 via de0
add fwd 127.0.0.1,5999 tcp from 0.0.0.0/0 to 0.0.0.0/0 5999 via de0
add 65534 allow ip from any to any

Hitting a "fwd" rule immediately stops _all_ IP traffic on the machine - even ping 127.0.0.1 doesn't work.

BTW, previous responses I've got were misdirected due to my typo in the posted rule.

I'd appreciate any suggestions/fixes,

--
Adrian Pavlykevych                      email:
System Administrator                    phone/fax: +380 (322) 742041
State University "Lvivska Polytechnica"