Date: Fri, 27 Aug 2004 16:13:54 +0200
From: Oliver Brandmueller
To: Andre Oppermann
cc: current@freebsd.org
Subject: Re: RELENG_5 ipfw problem
Message-ID: <20040827141354.GC74653@e-Gitt.NET>
References: <20040827084306.GB74653@e-Gitt.NET> <412F276A.6080807@freebsd.org>
In-Reply-To: <412F276A.6080807@freebsd.org>
List-Id: Discussions about the use of FreeBSD-current

Hi.

On Fri, Aug 27, 2004 at 02:22:02PM +0200, Andre Oppermann wrote:
> Oliver Brandmueller wrote:
> >connection to port 25 is possible from a 192.168.25.x IP directly, but
> >if I enable this host on the load balancer, I do only see incoming
> >packets to port 25 on fxp0 but don't see any packets going back (on
> >neither fxp0 nor em0 not even lo0). The forwarded packets simply
> >disappear.
>
> Please provide the ipfw line from dmesg as well. Then we can start to
> diagnose the problem.

champagne# dmesg | fgrep ipfw
ipfw2 initialized, divert disabled, rule-based forwarding disabled, default to deny, logging disabled

additional information can be found here:

http://the.addict.de/~ob/champagne/CHAMPAGNE (KERNCONF)
http://the.addict.de/~ob/champagne/dmesg.champagne (full dmesg)
http://the.addict.de/~ob/champagne/kldstat.champagne (loaded klds)
http://the.addict.de/~ob/champagne/make.conf.champagne (make.conf)

"rule-based forwarding disabled" seems to be the point here. But I still
don't understand a few things then:

- I did not see any note about this change in UPDATING?
- While this option is disabled, why can the rule then be loaded and
  matched? If I don't enable dummynet, I cannot even load a dummynet rule.
- How to enable it?

I think at least there's a POLA problem.

- Oliver

-- 
| Oliver Brandmueller | Offenbacher Str. 1 | Germany D-14197 Berlin |
| Fon +49-172-3130856 | Fax +49-172-3145027 | WWW: http://the.addict.de/ |
| I am the Internet. As truly as I help God. |
| Commercial use of any of the addresses contained herein is not permitted! |
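
A check for the situation described in this message, where a rule loads and matches although the kernel banner reports the feature it needs as disabled. This is an added example, not part of the original post: only the banner string comes from the message, while the ruleset and the helper names `is_disabled` and `dead_rules` are constructed for illustration.

```shell
#!/bin/sh
# Flag ipfw rules whose action needs a kernel feature that the boot banner
# reports as disabled. BANNER is the dmesg line quoted in the message.
BANNER='ipfw2 initialized, divert disabled, rule-based forwarding disabled, default to deny, logging disabled'

# Constructed ruleset in `ipfw list` format (hypothetical rules).
RULES='00100 allow ip from any to any via lo0
00200 fwd 127.0.0.1,25 tcp from any to any dst-port 25 in via fxp0
00300 divert 8668 ip from any to any via em0
65535 deny ip from any to any'

# is_disabled BANNER FEATURE: succeeds if the banner says "<FEATURE> disabled".
is_disabled() {
    case ", $1," in
        *", $2 disabled,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# dead_rules BANNER RULES: print "<rule number> <action>" for every rule whose
# action depends on a feature the banner reports as disabled.
dead_rules() {
    printf '%s\n' "$2" | while read -r num action _rest; do
        case "$action" in
            fwd|forward) feature='rule-based forwarding' ;;
            divert|tee)  feature='divert' ;;
            *)           continue ;;
        esac
        if is_disabled "$1" "$feature"; then
            printf '%s %s\n' "$num" "$action"
        fi
    done
}

# On a live host the inputs would be "$(dmesg | fgrep ipfw)" and "$(ipfw list)".
dead_rules "$BANNER" "$RULES"
```

Rules it prints are accepted by the ruleset loader but cannot take effect on this kernel, which matches the silently disappearing packets reported above.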