Date: Thu, 06 Oct 2011 14:42:23 +0400 From: Oleg Strizhak <oleg@pcbtech.ru> To: "Andrey V. Elsukov" <ae@FreeBSD.org> Cc: freebsd-ipfw@FreeBSD.org, melifaro@FreeBSD.org Subject: Re: ipfw nat drops icmp packets from localhost Message-ID: <4E8D860F.2030505@pcbtech.ru> In-Reply-To: <4E8D7728.6050608@FreeBSD.org> References: <4E8D6702.9070707@pcbtech.ru> <4E8D7728.6050608@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Hello, Andrey V. Elsukov! You wrote on 06.10.2011 at 13:38: > On 06.10.2011 12:29, Oleg Strizhak wrote: >> After an investigation I've found out a very strange situation - it seems to me, that ipfw nat drops >> some (type 11?) icmp reply packets, whose udp request packets it hasn't rewritten/seen before, e.g: >> >> So, I wonder whether someone else has seen the same case under the similar circumstances? Isn't it a >> bug within ipfw nat module and is there any work-around/patch for that? I've surely googled, but in >> vain =( The only thing, that seems alike to my problem, is >> http://www.freebsd.org/cgi/query-pr.cgi?pr=129093, but the patch for 8 branch didn't cure anything =( > > Can you describe how you did apply and test this patch? in a usual way =) Unfortunately, copy-pasted from the mentioned above page patch couldn't be applied w/ error: > $ patch < ~/ip_fw_nat.patch > Hmm... Looks like a unified diff to me... > The text leading up to this was: > -------------------------- > |--- stable/8/sys/netinet/ipfw/ip_fw_nat.c Thu Jul 7 08:33:58 2011 (r223834) > |+++ stable/8/sys/netinet/ipfw/ip_fw_nat.c Thu Jul 7 09:29:11 2011 (r223835) > -------------------------- > Patching file ip_fw_nat.c using Plan A... > patch: **** malformed patch at line 4: else the same results were obtained with combinations of -p5 -l and tail +2 ~/ip_fw_nat.patch options & commands Finally, I modified the patch (which applies w/o a word =) a little bit w/o any difference to the original one: > $ /usr/bin/diff -wBbu3 ~/ip_fw_nat.patch ~/ip_fw_nat.patch.my > --- /root/ip_fw_nat.patch 2011-10-04 14:08:32.000000000 +0400 > +++ /root/ip_fw_nat.patch.my 2011-10-04 14:29:53.000000000 +0400 > @@ -1,5 +1,5 @@ > ---- stable/8/sys/netinet/ipfw/ip_fw_nat.c Thu Jul 7 08:33:58 2011 (r223834) > -+++ stable/8/sys/netinet/ipfw/ip_fw_nat.c Thu Jul 7 09:29:11 2011 (r223835) > +--- ip_fw_nat.c.orig 2010-12-21 20:09:25.000000000 +0300 > ++++ ip_fw_nat.c 2011-10-04 14:27:02.000000000 +0400 > @@ -263,17 +263,27 @@ > else > retval = LibAliasOut(t->lib, c, then I recompiled the kernel, rebooted server and.. all is just the same =( WBR, Oleg
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4E8D860F.2030505>