From owner-freebsd-hackers  Mon Feb 18 11:50:51 2002
Delivered-To: freebsd-hackers@freebsd.org
Received: from rwcrmhc52.attbi.com (rwcrmhc52.attbi.com [216.148.227.88])
	by hub.freebsd.org (Postfix) with ESMTP id 2281537B404
	for <freebsd-hackers@FreeBSD.ORG>; Mon, 18 Feb 2002 11:50:43 -0800 (PST)
Received: from blossom.cjclark.org ([12.234.91.48]) by rwcrmhc52.attbi.com
          (InterMail vM.4.01.03.27 201-229-121-127-20010626) with ESMTP
          id <20020218195042.EDKA1147.rwcrmhc52.attbi.com@blossom.cjclark.org>;
          Mon, 18 Feb 2002 19:50:42 +0000
Received: (from cjc@localhost)
	by blossom.cjclark.org (8.11.6/8.11.6) id g1IJogD36735;
	Mon, 18 Feb 2002 11:50:42 -0800 (PST)
	(envelope-from cjc)
Date: Mon, 18 Feb 2002 11:50:42 -0800
From: "Crist J. Clark" <crist.clark@attbi.com>
To: Julian Elischer <julian@elischer.org>
Cc: Luigi Rizzo <rizzo@icir.org>,
	"Michael R. Wayne" <wayne@staff.msen.com>,
	freebsd-hackers@FreeBSD.ORG
Subject: Re: Odd ipfw behaviour
Message-ID: <20020218115042.N48401@blossom.cjclark.org>
Reply-To: cjclark@alum.mit.edu
References: <20020218093852.B20152@iguana.icir.org> <Pine.BSF.4.21.0202181105550.52663-100000@InterJet.elischer.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <Pine.BSF.4.21.0202181105550.52663-100000@InterJet.elischer.org>; from julian@elischer.org on Mon, Feb 18, 2002 at 11:08:02AM -0800
X-URL: http://people.freebsd.org/~cjc/
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-hackers.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-hackers>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-hackers>
X-Loop: FreeBSD.ORG

On Mon, Feb 18, 2002 at 11:08:02AM -0800, Julian Elischer wrote:
> that patch is an MFC of a fix that went into -current.
> it allows teh 'fwd' ing of packets from the 'input' filter to
> external machines..
> 
> i.e.
> this doesn't work without this patch:
> 
> ipfw add 100 fwd 1.2.3.4 tcp from any to 1.2.3.5 80 in recv fxp0
> 
> 
> On Mon, 18 Feb 2002, Luigi Rizzo wrote:
> 
> > On Mon, Feb 18, 2002 at 09:31:13AM -0800, Crist J. Clark wrote:
> > > On Mon, Feb 18, 2002 at 12:01:17PM -0500, Michael R. Wayne wrote:
> > > > On Mon, Feb 18, 2002 at 05:49:46AM -0800, Crist J. Clark wrote:
> > > > > What precise version of FreeBSD are you running, BTW?
> > > > 
> > > > 4.5 RELEASE, as stated in original message.
> > > 
> > > Do these patches help?
> > 
> > can you please summarise the problem and what the fix is trying to
> > achieve ?

Right. What I thought was happening was that the submitter did not
understand that ipfw(8) 'fwd' was only supposed to work on packets
leaving the system. At least that's what the documentation in -STABLE
claims. However, his logs seemed to indicate that packets were getting
'fwd'ed coming in. That's what's confusing me. So I gave him what
looked like a fix in -CURRENT that tries to get the incoming 'fwd's
correct.

My guess is that there is presently broken 'fwd'ing for incoming
packets in -STABLE. But as I have been saying, I haven't had the
chance/motivation to dig through the code or run the tests, so I can't
say that with too much certainty. Thought the submitter could do some
testing for us.
-- 
Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message