Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 27 Aug 2004 16:13:54 +0200
From:      Oliver Brandmueller <ob@e-Gitt.NET>
To:        Andre Oppermann <andre@freebsd.org>
Cc:        current@freebsd.org
Subject:   Re: RELENG_5 ipfw problem
Message-ID:  <20040827141354.GC74653@e-Gitt.NET>
In-Reply-To: <412F276A.6080807@freebsd.org>
References:  <20040827084306.GB74653@e-Gitt.NET> <412F276A.6080807@freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
Hi.

On Fri, Aug 27, 2004 at 02:22:02PM +0200, Andre Oppermann wrote:
> Oliver Brandmueller wrote:
> >connection to port 25 is possible from a 192.168.25.x IP directly, but 
> >if I enable this host on the load balancer, I do only see incoming 
> >packets to port 25 on fxp0 but don't see any packets going back (on 
> >neither fxp0 now em0 not even lo0). The forwarded packets simply 
> >disappear.
> 
> Please provide the ipfw line from dmesg as well.  Then we can start to
> diagnose the problem.

champagne# dmesg | fgrep ipfw
ipfw2 initialized, divert disabled, rule-based forwarding disabled, default to deny, logging disabled

additional information can be found here:

http://the.addict.de/~ob/champagne/CHAMPAGNE		(KERNCONF)
http://the.addict.de/~ob/champagne/dmesg.champagne	(full dmesg)
http://the.addict.de/~ob/champagne/kldstat.champagne	(loaded klds)
http://the.addict.de/~ob/champagne/make.conf.champagne	(make.conf)

"rule-based forwarding disabled" seems to be the point here. But I still 
don't understand a few things then:

- I did not not see any note about this change in UPDATING?

- While this option is disabled, why can the rule then be loaded and 
  matched? If I don't enable dummynet, I cannot even load a dummynet
  rule.

- How to enable it?

I think at least there's a POLA problem.

- Oliver

-- 
| Oliver Brandmueller | Offenbacher Str. 1  | Germany       D-14197 Berlin |
| Fon +49-172-3130856 | Fax +49-172-3145027 | WWW:   http://the.addict.de/ |
|               Ich bin das Internet. Sowahr ich Gott helfe.               |
| Eine gewerbliche Nutzung aller enthaltenen Adressen ist nicht gestattet! |

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040827141354.GC74653>