From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 256828] ipfw fwd stopped working after upgrade from 12.2 to 13.0
Date: Fri, 25 Jun 2021 12:38:26 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 13.0-RELEASE
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: woody@woody.ru
X-Bugzilla-Status: New
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: bugs@FreeBSD.org
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=256828

--- Comment #2 from Mike ---
Second box was upgraded from 12.1 to 13.0

root@freebsd:~ # uname -a
FreeBSD freebsd 13.0-RELEASE-p1 FreeBSD 13.0-RELEASE-p1 #0: Wed May 26 22:12:31 UTC 2021     root@amd64-builder.daemonology.net:/usr/obj/usr/src/i386.i386/sys/GENERIC  i386

root@freebsd:~ # ifconfig
vtnet0: flags=8863 metric 0 mtu 1500
        options=4c07bb
        ether fa:16:3e:41:3f:66
        inet 185.241.193.112 netmask 0xfffffc00 broadcast 185.241.195.255
        inet6 fe80::f816:3eff:fe41:3f66%vtnet0 prefixlen 64 scopeid 0x1
        media: Ethernet autoselect (10Gbase-T )
        status: active
        nd6 options=23
vtnet1: flags=8863 metric 0 mtu 1500
        options=4c07bb
        ether fa:16:3e:83:5e:a0
        inet 185.86.145.31 netmask 0xfffffc00 broadcast 185.86.147.255
        inet6 fe80::f816:3eff:fe83:5ea0%vtnet1 prefixlen 64 scopeid 0x2
        media: Ethernet autoselect (10Gbase-T )
        status: active
        nd6 options=23
lo0: flags=8049 metric 0 mtu 16384
        options=680003
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
        inet 127.0.0.1 netmask 0xff000000
        groups: lo
        nd6 options=23

root@freebsd:~ # ipfw show
01000  984   82430 fwd 185.241.195.254 ip4 from 185.241.193.112 to any out
65534 8980 6911385 allow ip from any to any
65535    0       0 deny ip from any to any

root@freebsd:~ # netstat -4rn
Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default            185.86.147.254     UGS      vtnet1
127.0.0.1          link#3             UH          lo0
185.86.144.0/22    link#2             U        vtnet1
185.86.145.31      link#2             UHS         lo0
185.241.192.0/22   link#1             U        vtnet0
185.241.193.112    link#1             UHS         lo0

root@freebsd:~ # cat /etc/rc.conf
hostname="freebsd"
ifconfig_DEFAULT="DHCP inet6 accept_rtadv"
growfs_enable="YES"
defaultrouter="185.86.147.254"
ifconfig_vtnet1="inet 185.86.145.31/22"
ifconfig_vtnet0="inet 185.241.193.112/22"
sshd_enable="YES"
gateway_enable="YES"
firewall_enable="YES"
firewall_script="/usr/local/etc/ipfw.sh"

External ping to second IP stopped working after upgrade!

woody@unknown ~ % ping 185.241.193.112
PING 185.241.193.112 (185.241.193.112): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
Request timeout for icmp_seq 2
Request timeout for icmp_seq 3

root@freebsd:~ # tcpdump -en -i vtnet0 icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on vtnet0, link-type EN10MB (Ethernet), capture size 262144 bytes
12:35:35.797653 02:37:b3:65:6a:42 > fa:16:3e:41:3f:66, ethertype IPv4 (0x0800), length 98: 176.59.17.29 > 185.241.193.112: ICMP echo request, id 64342, seq 20, length 64
12:35:36.804656 02:37:b3:65:6a:42 > fa:16:3e:41:3f:66, ethertype IPv4 (0x0800), length 98: 176.59.17.29 > 185.241.193.112: ICMP echo request, id 64342, seq 21, length 64
12:35:37.815712 02:37:b3:65:6a:42 > fa:16:3e:41:3f:66, ethertype IPv4 (0x0800), length 98: 176.59.17.29 > 185.241.193.112: ICMP echo request, id 64342, seq 22, length 64
12:35:38.804542 02:37:b3:65:6a:42 > fa:16:3e:41:3f:66, ethertype IPv4 (0x0800), length 98: 176.59.17.29 > 185.241.193.112: ICMP echo request, id 64342, seq 23, length 64
12:35:39.807677 02:37:b3:65:6a:42 > fa:16:3e:41:3f:66, ethertype IPv4 (0x0800), length 98: 176.59.17.29 > 185.241.193.112: ICMP echo request, id 64342, seq 24, length 64
12:35:40.807667 02:37:b3:65:6a:42 > fa:16:3e:41:3f:66, ethertype IPv4 (0x0800), length 98: 176.59.17.29 > 185.241.193.112: ICMP echo request, id 64342, seq 25, length 64

root@freebsd:~ # tcpdump -en -i vtnet1 icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on vtnet1, link-type EN10MB (Ethernet), capture size 262144 bytes
12:36:12.915754 fa:16:3e:83:5e:a0 > 02:37:b3:65:6a:42, ethertype IPv4 (0x0800), length 98: 185.241.193.112 > 176.59.17.29: ICMP echo reply, id 64342, seq 57, length 64
12:36:13.922502 fa:16:3e:83:5e:a0 > 02:37:b3:65:6a:42, ethertype IPv4 (0x0800), length 98: 185.241.193.112 > 176.59.17.29: ICMP echo reply, id 64342, seq 58, length 64
12:36:14.907498 fa:16:3e:83:5e:a0 > 02:37:b3:65:6a:42, ethertype IPv4 (0x0800), length 98: 185.241.193.112 > 176.59.17.29: ICMP echo reply, id 64342, seq 59, length 64
12:36:15.924737 fa:16:3e:83:5e:a0 > 02:37:b3:65:6a:42, ethertype IPv4 (0x0800), length 98: 185.241.193.112 > 176.59.17.29: ICMP echo reply, id 64342, seq 60, length 64
12:36:16.924447 fa:16:3e:83:5e:a0 > 02:37:b3:65:6a:42, ethertype IPv4 (0x0800), length 98: 185.241.193.112 > 176.59.17.29: ICMP echo reply, id 64342, seq 61, length 64

ICMP echo replies go back via defaultrouter interfaces.
ipfw keeps increasing rule count

-- 
You are receiving this mail because:
You are the assignee for the bug.
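
Added example, not part of the original report and not FreeBSD project code: a check that automates the comparison made by hand in the two captures above, flagging frames that an interface transmits with a source address belonging to another interface's network. The function and variable names are hypothetical; the MACs, networks and sample lines are copied from the report.

```python
import ipaddress
import re

# MAC and IPv4 network per interface, taken from the ifconfig output in the report.
INTERFACES = {
    "vtnet0": ("fa:16:3e:41:3f:66", ipaddress.ip_network("185.241.192.0/22")),
    "vtnet1": ("fa:16:3e:83:5e:a0", ipaddress.ip_network("185.86.144.0/22")),
}

# Fields of one `tcpdump -en` IPv4 line: timestamp, source MAC, source IP.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<smac>[0-9a-f:]{17}) > [0-9a-f:]{17}, "
    r"ethertype IPv4 \(0x0800\), length \d+: "
    r"(?P<sip>\d+(?:\.\d+){3}) > \d+(?:\.\d+){3}:"
)

def misrouted(ifname, lines):
    """Frames transmitted by ifname whose source IP is outside its network.

    Returns (timestamp, source IP, interface that owns the address or None).
    """
    mac, net = INTERFACES[ifname]
    hits = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m is None or m["smac"] != mac:
            continue  # not an IPv4 line, or a frame received rather than sent
        src = ipaddress.ip_address(m["sip"])
        if src in net:
            continue  # leaves through the interface that owns the address
        owner = next((n for n, (_, o) in INTERFACES.items() if src in o), None)
        hits.append((m["ts"], str(src), owner))
    return hits

# First line of each capture in the report, rejoined after mail line wrapping.
VTNET0_CAPTURE = [
    "12:35:35.797653 02:37:b3:65:6a:42 > fa:16:3e:41:3f:66, ethertype IPv4 "
    "(0x0800), length 98: 176.59.17.29 > 185.241.193.112: ICMP echo request, "
    "id 64342, seq 20, length 64",
]
VTNET1_CAPTURE = [
    "12:36:12.915754 fa:16:3e:83:5e:a0 > 02:37:b3:65:6a:42, ethertype IPv4 "
    "(0x0800), length 98: 185.241.193.112 > 176.59.17.29: ICMP echo reply, "
    "id 64342, seq 57, length 64",
]

if __name__ == "__main__":
    for name, capture in (("vtnet0", VTNET0_CAPTURE), ("vtnet1", VTNET1_CAPTURE)):
        for ts, src, owner in misrouted(name, capture):
            print(f"{ts} {src} sent via {name}, address belongs to {owner}")
```
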