From: Lytochkin Boris
To: freebsd-net@freebsd.org
Cc: Gleb Smirnoff
Date: Sat, 5 Dec 2009 22:24:46 +0300
Subject: Re: FreeBSD 8: ipfw fwd and pf route-to broken?

Hi!

sbin/ipfw in RELENG_8 does not set sin_len in the fwd rule, so the sockaddr_in from ipfw is sucked into rtalloc1_fib() at last with zero length and is routed to lo0 instead of the correct interface. Returning sin_len into sbin/ipfw resolves the issue.

The sin_len setting was removed in revision 1.146 by luigi.

What is the correct solution? Return the sin_len setting into sbin/ipfw or something else?

On Fri, Dec 4, 2009 at 11:47 AM, Lytochkin Boris wrote:
> Hi!
>
> It seems that FreeBSD 8 has ipfw fwd and pf's route-to malfunctioning:
> 1) ipfw fwd
> a) net.inet.ip.forwarding = 0
>  Packets altered by fwd rule are silently dropped somewhere
> between ip_output() checking forward tag and bpf (tcpdump does not
> show these packets)
> b) net.inet.ip.forwarding = 1
>  Packets altered by fwd rule are forwarded according to normal
> routing table (in my case they were forwarded to default gateway), not
> fwd statement
>
> 2) pf route-to
> Both values of net.inet.ip.forwarding replicate 1b case.
>
>
> Sample configs
>
> 1) ipfw
> add 60 fwd 10.60.128.254 ip from 10.60.128.0/24 to any out
> add 65534 allow ip from any to any
>
> 2) pf
> scrub in all fragment reassemble
> pass in all flags S/SA keep state
> pass out quick route-to (em0 10.60.128.254) inet from 10.60.128.0/24
> to any flags S/SA keep state
>
> ~>uname -a
> FreeBSD thost 8.0-PRERELEASE FreeBSD 8.0-PRERELEASE #5: Wed Dec  2
> 13:43:48 MSK 2009     root@thost:/usr/obj/usr/src/sys/CSUP  amd64
>

--
Regards,
Boris Lytochkin
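
The failure described in the message above, as an added example that is not part of the original post or of FreeBSD's source: a locally defined stand-in for the BSD `sockaddr_in` layout and a simplified, assumed model of a length-prefixed key comparison show how a zero `sin_len` can let an unrelated entry such as loopback match, and how a length check on the consumer side rejects such a key. The names `ex_sin`, `mk_dest`, `key_matches`, `dest_valid` and `lookup_lo` are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for the BSD sockaddr_in layout (length byte first). */
struct ex_sin {
    uint8_t  sin_len;      /* size of the structure in bytes */
    uint8_t  sin_family;
    uint16_t sin_port;
    uint8_t  sin_addr[4];  /* IPv4 address, network byte order */
    uint8_t  sin_zero[8];
};
#define EX_AF_INET 2

/* Hypothetical helper: build destination a.b.c.d, with or without sin_len. */
static struct ex_sin mk_dest(int a, int b, int c, int d, int set_len) {
    struct ex_sin sa = { .sin_family = EX_AF_INET, .sin_addr = { a, b, c, d } };
    sa.sin_len = set_len ? (uint8_t)sizeof(sa) : 0;
    return sa;
}

/* Simplified model of a length-prefixed key compare (an assumption, not the
 * kernel's code): only bytes covered by the key's own length are examined. */
static int key_matches(const struct ex_sin *key, const struct ex_sin *route) {
    const uint8_t *k = (const uint8_t *)key, *r = (const uint8_t *)route;
    for (size_t i = offsetof(struct ex_sin, sin_addr); i < key->sin_len; i++)
        if (k[i] != r[i])
            return 0;
    return 1; /* sin_len == 0 compares nothing, so every entry "matches" */
}

/* Consumer-side sanity check to apply before any lookup. */
static int dest_valid(const struct ex_sin *sa) {
    return sa->sin_len == sizeof(*sa) && sa->sin_family == EX_AF_INET;
}

/* fwd target vs. a loopback-keyed entry: -1 rejected, 1 match, 0 no match. */
static int lookup_lo(int set_len, int validate) {
    struct ex_sin dst = mk_dest(10, 60, 128, 254, set_len);
    struct ex_sin lo = mk_dest(127, 0, 0, 1, 1);
    if (validate && !dest_valid(&dst))
        return -1;
    return key_matches(&dst, &lo);
}

int main(void) {
    printf("unset=%d checked=%d set=%d\n", lookup_lo(0, 0), lookup_lo(0, 1), lookup_lo(1, 1));
    return 0;
}
```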