From owner-freebsd-ipfw Fri Feb 25 9:58:30 2000 Delivered-To: freebsd-ipfw@freebsd.org Received: from info.iet.unipi.it (info.iet.unipi.it [131.114.9.184]) by hub.freebsd.org (Postfix) with ESMTP id 593C337B8CD for ; Fri, 25 Feb 2000 09:58:19 -0800 (PST) (envelope-from luigi@info.iet.unipi.it) Received: (from luigi@localhost) by info.iet.unipi.it (8.9.3/8.9.3) id SAA13170; Fri, 25 Feb 2000 18:56:46 +0100 (CET) (envelope-from luigi) From: Luigi Rizzo Message-Id: <200002251756.SAA13170@info.iet.unipi.it> Subject: Re: keep-state and fwd In-Reply-To: <200002251834.OAA26064@alpha.cnc.una.py> from "jsegovia@cnc.una.py" at "Feb 25, 2000 02:35:29 pm" To: jsegovia@cnc.una.py Date: Fri, 25 Feb 2000 18:56:46 +0100 (CET) Cc: freebsd-ipfw@FreeBSD.ORG X-Mailer: ELM [version 2.4ME+ PL61 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-ipfw@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG > I'd like to know if anyone is using ipfw with keep-state > and fwd (forwarding). I'm having trouble getting it > to work. will look at it. can you compile a kernel with "options DDB" and show a trace when it fails ? cheers luigi > For example, if I have the following: > > ipfw add 10 check-state > ipfw add 20 deny tcp from any to any established > ipfw add 30 fwd 127.0.0.1,2525 tcp from _my_net_ to any 25 setup \ > keep-state > ipfw add 40 allow tcp from _my_net_ to any setup keep-state > ipfw add 50 deny tcp from any to any > > And then > $ telnet 127.0.0.1 25 > > I get an instant panic (double fault) > > If I telnet to another machine > $ telnet some_other_machine 25 > > the connection is never established but an error is also > never returned. > > If keep-state is not used (that is, fwd without keep-state) > everything works fine but unfortunately I need ipfw to be > stateful. > > I'm using -current and cvsup'd yesterday. > > Any help greatly appreciated. > > Juan > -- > Centro Nacional de Computacion > Universidad Nacional de Asuncion > Tel. +595 (21) 585 550 > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-ipfw" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message