Date: Mon, 18 Feb 2002 11:50:42 -0800 From: "Crist J. Clark" <crist.clark@attbi.com> To: Julian Elischer <julian@elischer.org> Cc: Luigi Rizzo <rizzo@icir.org>, "Michael R. Wayne" <wayne@staff.msen.com>, freebsd-hackers@FreeBSD.ORG Subject: Re: Odd ipfw behaviour Message-ID: <20020218115042.N48401@blossom.cjclark.org> In-Reply-To: <Pine.BSF.4.21.0202181105550.52663-100000@InterJet.elischer.org>; from julian@elischer.org on Mon, Feb 18, 2002 at 11:08:02AM -0800 References: <20020218093852.B20152@iguana.icir.org> <Pine.BSF.4.21.0202181105550.52663-100000@InterJet.elischer.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Feb 18, 2002 at 11:08:02AM -0800, Julian Elischer wrote:
> that patch is an MFC of a fix that went into -current.
> it allows teh 'fwd' ing of packets from the 'input' filter to
> external machines..
>
> i.e.
> this doesn't work without this patch:
>
> ipfw add 100 fwd 1.2.3.4 tcp from any to 1.2.3.5 80 in recv fxp0
>
>
> On Mon, 18 Feb 2002, Luigi Rizzo wrote:
>
> > On Mon, Feb 18, 2002 at 09:31:13AM -0800, Crist J. Clark wrote:
> > > On Mon, Feb 18, 2002 at 12:01:17PM -0500, Michael R. Wayne wrote:
> > > > On Mon, Feb 18, 2002 at 05:49:46AM -0800, Crist J. Clark wrote:
> > > > > What precise version of FreeBSD are you running, BTW?
> > > >
> > > > 4.5 RELEASE, as stated in original message.
> > >
> > > Do these patches help?
> >
> > can you please summarise the problem and what the fix is trying to
> > achieve ?
Right. What I thought was happening was that the submitter did not
understand that ipfw(8) 'fwd' was only supposed to work on packets
leaving the system. At least that's what the documentation in -STABLE
claims. However, his logs seemed to indicate that packets were getting
'fwd'ed coming in. That's what's confusing me. So I gave him what
looked like a fix in -CURRENT that tries to get the incoming 'fwd's
correct.
My guess is that there is presently broken 'fwd'ing for incoming
packets in -STABLE. But as I have been saying, I haven't had the
chance/motivation to dig through the code or run the tests, so I can't
say that with too much certainty. Thought the submitter could do some
testing for us.
--
Crist J. Clark | cjclark@alum.mit.edu
| cjclark@jhu.edu
http://people.freebsd.org/~cjc/ | cjc@freebsd.org
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020218115042.N48401>