Date:      Fri, 25 Jun 2021 12:38:26 +0000
From:      bugzilla-noreply@freebsd.org
To:        bugs@FreeBSD.org
Subject:   [Bug 256828] ipfw fwd stopped working after upgrade from 12.2 to 13.0
Message-ID:  <bug-256828-227-zydKARBRvX@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-256828-227@https.bugs.freebsd.org/bugzilla/>
References:  <bug-256828-227@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=256828

--- Comment #2 from Mike <woody@woody.ru> ---
Second box was upgraded from 12.1 to 13.0

root@freebsd:~ # uname -a
FreeBSD freebsd 13.0-RELEASE-p1 FreeBSD 13.0-RELEASE-p1 #0: Wed May 26 22:12:31
UTC 2021
root@amd64-builder.daemonology.net:/usr/obj/usr/src/i386.i386/sys/GENERIC  i386
root@freebsd:~ # ifconfig
vtnet0: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=4c07bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,VLAN_HWTSO,LINKSTATE,TXCSUM_IPV6>
        ether fa:16:3e:41:3f:66
        inet 185.241.193.112 netmask 0xfffffc00 broadcast 185.241.195.255
        inet6 fe80::f816:3eff:fe41:3f66%vtnet0 prefixlen 64 scopeid 0x1
        media: Ethernet autoselect (10Gbase-T <full-duplex>)
        status: active
        nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
vtnet1: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=4c07bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,VLAN_HWTSO,LINKSTATE,TXCSUM_IPV6>
        ether fa:16:3e:83:5e:a0
        inet 185.86.145.31 netmask 0xfffffc00 broadcast 185.86.147.255
        inet6 fe80::f816:3eff:fe83:5ea0%vtnet1 prefixlen 64 scopeid 0x2
        media: Ethernet autoselect (10Gbase-T <full-duplex>)
        status: active
        nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
        inet 127.0.0.1 netmask 0xff000000
        groups: lo
        nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>

root@freebsd:~ # ipfw show
01000  984   82430 fwd 185.241.195.254 ip4 from 185.241.193.112 to any out
65534 8980 6911385 allow ip from any to any
65535    0       0 deny ip from any to any

root@freebsd:~ # netstat -4rn
Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default            185.86.147.254     UGS      vtnet1
127.0.0.1          link#3             UH          lo0
185.86.144.0/22    link#2             U        vtnet1
185.86.145.31      link#2             UHS         lo0
185.241.192.0/22   link#1             U        vtnet0
185.241.193.112    link#1             UHS         lo0

root@freebsd:~ # cat /etc/rc.conf
hostname="freebsd"
ifconfig_DEFAULT="DHCP inet6 accept_rtadv"
growfs_enable="YES"
defaultrouter="185.86.147.254"
ifconfig_vtnet1="inet 185.86.145.31/22"
ifconfig_vtnet0="inet 185.241.193.112/22"
sshd_enable="YES"
gateway_enable="YES"
firewall_enable="YES"
firewall_script="/usr/local/etc/ipfw.sh"

External ping to second IP stopped working after upgrade!

woody@unknown ~ % ping 185.241.193.112
PING 185.241.193.112 (185.241.193.112): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
Request timeout for icmp_seq 2
Request timeout for icmp_seq 3

root@freebsd:~ # tcpdump -en -i vtnet0 icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on vtnet0, link-type EN10MB (Ethernet), capture size 262144 bytes
12:35:35.797653 02:37:b3:65:6a:42 > fa:16:3e:41:3f:66, ethertype IPv4 (0x0800),
length 98: 176.59.17.29 > 185.241.193.112: ICMP echo request, id 64342, seq 20,
length 64
12:35:36.804656 02:37:b3:65:6a:42 > fa:16:3e:41:3f:66, ethertype IPv4 (0x0800),
length 98: 176.59.17.29 > 185.241.193.112: ICMP echo request, id 64342, seq 21,
length 64
12:35:37.815712 02:37:b3:65:6a:42 > fa:16:3e:41:3f:66, ethertype IPv4 (0x0800),
length 98: 176.59.17.29 > 185.241.193.112: ICMP echo request, id 64342, seq 22,
length 64
12:35:38.804542 02:37:b3:65:6a:42 > fa:16:3e:41:3f:66, ethertype IPv4 (0x0800),
length 98: 176.59.17.29 > 185.241.193.112: ICMP echo request, id 64342, seq 23,
length 64
12:35:39.807677 02:37:b3:65:6a:42 > fa:16:3e:41:3f:66, ethertype IPv4 (0x0800),
length 98: 176.59.17.29 > 185.241.193.112: ICMP echo request, id 64342, seq 24,
length 64
12:35:40.807667 02:37:b3:65:6a:42 > fa:16:3e:41:3f:66, ethertype IPv4 (0x0800),
length 98: 176.59.17.29 > 185.241.193.112: ICMP echo request, id 64342, seq 25,
length 64

root@freebsd:~ # tcpdump -en -i vtnet1 icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on vtnet1, link-type EN10MB (Ethernet), capture size 262144 bytes
12:36:12.915754 fa:16:3e:83:5e:a0 > 02:37:b3:65:6a:42, ethertype IPv4 (0x0800),
length 98: 185.241.193.112 > 176.59.17.29: ICMP echo reply, id 64342, seq 57,
length 64
12:36:13.922502 fa:16:3e:83:5e:a0 > 02:37:b3:65:6a:42, ethertype IPv4 (0x0800),
length 98: 185.241.193.112 > 176.59.17.29: ICMP echo reply, id 64342, seq 58,
length 64
12:36:14.907498 fa:16:3e:83:5e:a0 > 02:37:b3:65:6a:42, ethertype IPv4 (0x0800),
length 98: 185.241.193.112 > 176.59.17.29: ICMP echo reply, id 64342, seq 59,
length 64
12:36:15.924737 fa:16:3e:83:5e:a0 > 02:37:b3:65:6a:42, ethertype IPv4 (0x0800),
length 98: 185.241.193.112 > 176.59.17.29: ICMP echo reply, id 64342, seq 60,
length 64
12:36:16.924447 fa:16:3e:83:5e:a0 > 02:37:b3:65:6a:42, ethertype IPv4 (0x0800),
length 98: 185.241.193.112 > 176.59.17.29: ICMP echo reply, id 64342, seq 61,
length 64

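ICMP echo replies go back out via the defaultrouter interface (vtnet1) instead of vtnet0, so they never reach the pinging host.
The counters of ipfw rule 01000 (the fwd rule) keep increasing, so the rule still matches but the fwd next hop is not applied.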
