Date: Tue, 29 Feb 2000 18:51:55 +0100 (CET) From: Luigi Rizzo <luigi@info.iet.unipi.it> To: jsegovia@cnc.una.py Cc: freebsd-ipfw@FreeBSD.ORG Subject: Re: keep-state and fwd Message-ID: <200002291751.SAA32091@info.iet.unipi.it> In-Reply-To: <200002251834.OAA26064@alpha.cnc.una.py> from "jsegovia@cnc.una.py" at "Feb 25, 2000 02:35:29 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
ok, just committed a fix on -current, code for -stable should follow shortly. Now it works as expected for both local and externally initiated connections. Please try it out /home/ncvs/src/sys/netinet/ip_fw.c,v <-- ip_fw.c new revision: 1.131; previous revision: 1.130 cheers luigi > I'd like to know if anyone is using ipfw with keep-state > and fwd (forwarding). I'm having trouble getting it > to work. > > For example, if I have the following: > > ipfw add 10 check-state > ipfw add 20 deny tcp from any to any established > ipfw add 30 fwd 127.0.0.1,2525 tcp from _my_net_ to any 25 setup \ > keep-state > ipfw add 40 allow tcp from _my_net_ to any setup keep-state > ipfw add 50 deny tcp from any to any > > And then > $ telnet 127.0.0.1 25 > > I get an instant panic (double fault) > > If I telnet to another machine > $ telnet some_other_machine 25 > > the connection is never established but an error is also > never returned. > > If keep-state is not used (that is, fwd without keep-state) > everything works fine but unfortunately I need ipfw to be > stateful. > > I'm using -current and cvsup'd yesterday. > > Any help greatly appreciated. > > Juan > -- > Centro Nacional de Computacion > Universidad Nacional de Asuncion > Tel. +595 (21) 585 550 > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-ipfw" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200002291751.SAA32091>