Date: Mon, 15 Apr 2013 16:25:09 +1000 (EST)
From: Ian Smith <smithi@nimnet.asn.au>
To: Michael Sierchio <kudzu@tenebras.com>
Cc: Spil Oss <spil.oss@gmail.com>, freebsd-ipfw@freebsd.org
Subject: Re: Problems with ipfw/natd and axe(4)
Message-ID: <20130415160625.K56386@sola.nimnet.asn.au>
In-Reply-To: <CAHu1Y73Xu64NY1B=idaKmHKDGOB3AHbcXKi4A48-SNkhJrMy6Q@mail.gmail.com>
References: <CAEJyAvOZ6fW0i3yT_D4fH1huje-qsJwA7GGeXqAO1PKzge-YNw@mail.gmail.com> <20130415015850.Y56386@sola.nimnet.asn.au> <CAHu1Y73Xu64NY1B=idaKmHKDGOB3AHbcXKi4A48-SNkhJrMy6Q@mail.gmail.com>
On Sun, 14 Apr 2013 10:34:06 -0700, Michael Sierchio wrote:
> On Sun, Apr 14, 2013 at 10:26 AM, Ian Smith <smithi@nimnet.asn.au> wrote:
>
> > 'allow ip' aka 'allow all' doesn't usually take a port number, which
> > applies only to tcp and udp.
>
> It does in ipfw - in which case it means ( udp | tcp )

You're quite right, and my assumption that it would also permit icmp was quite wrong, after a quick test.

Which appears to leave the bypassed divert not working with rx/txcsum the only viable suspect. The ruleset is otherwise 'out of the box'.

Does anyone know whether this is an issue with libalias(3) generally - in which case using nat instead of divert shouldn't help - or just with natd in particular?

cheers, Ian