Date: Sat, 5 Dec 2009 22:24:46 +0300 From: Lytochkin Boris <lytboris@gmail.com> To: freebsd-net@freebsd.org Cc: Gleb Smirnoff <glebius@glebius.int.ru> Subject: Re: FreeBSD 8: ipfw fwd and pf route-to broken? Message-ID: <933fa9790912051124x77f33878tfe588c0cbdb1fe4@mail.gmail.com> In-Reply-To: <933fa9790912040047k64aa11a7s736688e7382725ad@mail.gmail.com> References: <933fa9790912040047k64aa11a7s736688e7382725ad@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi! sbin/ipfw in RELENG_8 do not set sin_len in fwd rule, so sockaddr_in from ipfw is sucked into rtalloc1_fib() at last with zero length and is routed to lo0 instead of correct interface. Returning sin_len into sbin/ipfw resolves issue. sin_len setting was removed in revision 1.146 by luigi. What is correct solution? Return sin_len setting into sbin/ipfw or something else? On Fri, Dec 4, 2009 at 11:47 AM, Lytochkin Boris <lytboris@gmail.com> wrote= : > Hi! > > It seems that FreeBSD 8 has ipfw fwd and pf's route-to malfunctioning: > 1) ipfw fwd > a) net.inet.ip.forwarding =3D 0 > =A0Packets altered by fwd rule are silently dropped somewhere > between ip_output() checking forward tag and bpf (tcpdump does not > show these packets) > b) net.inet.ip.forwarding =3D 1 > =A0Packets altered by fwd rule are forwarded according to normal > routing table (in my case they were forwarded to default gateway), not > fwd statement > > 2) pf route-to > Both values of net.inet.ip.forwarding replicates 1b case. > > > Sample configs > > 1) ipfw > add 60 fwd 10.60.128.254 ip from 10.60.128.0/24 to any out > add 65534 allow ip from any to any > > 2) pf > scrub in all fragment reassemble > pass in all flags S/SA keep state > pass out quick route-to (em0 10.60.128.254) inet from 10.60.128.0/24 > to any flags S/SA keep state > > ~>uname -a > FreeBSD thost 8.0-PRERELEASE FreeBSD 8.0-PRERELEASE #5: Wed Dec =A02 > 13:43:48 MSK 2009 =A0 =A0 root@thost:/usr/obj/usr/src/sys/CSUP =A0amd64 > > -- Regards, Boris Lytochkin
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?933fa9790912051124x77f33878tfe588c0cbdb1fe4>