Date: Sun, 3 Feb 2002 15:32:50 -0500 (EST)
From: Greg Prosser <greg@straynet.com>
To: <stable@freebsd.org>
Subject: dropping 127.* on the floor (was Re: 4.5 & ipnat breakage)
Message-ID: <20020203152433.A5932-100000@voyager.straynet.com>
In-Reply-To: <20020203120320.K5932-100000@voyager.straynet.com>

FWIW, my problem was a change in the ip stack. We now drop 127.* packets on the floor if they come in across an interface that is not lo0. Since ipnat redirect rules happen below the ip stack, packets which are rewritten by ipnat to use a 127.* address get dropped on the floor when they enter the stack. ipnat records the redirect as having worked, but the packet just disappears silently.

This totally breaks my transparent proxy, as I forward the connections to 127.0.0.1 via ipnat. I know by RFC we're supposed to not allow them on the wire, but in this case they never were, they were just rewritten.

To get around this, I can either bind an arbitrary ip to lo0, and use that for my transparent proxying, or rip the code out of sys/netinet/ip_{in,out}put.c, both of which are non-optimal solutions.

Is there any way this can be fixed? I'm surprised this wasn't caught before it was MFC'd, and no one else is having this problem.

-gnp
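
The ordering problem described in the message above, as an added example that is not part of the original e-mail and is not FreeBSD kernel source: a simplified user-space model in which a redirect rewrites the destination before the stack's loopback-source check runs. The struct, function names and the 10.255.255.1 alias address are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified user-space model of the behaviour described in the message. */
#define LOOPBACK_NET 127u   /* first octet of 127.0.0.0/8 */
#define IPV4(a, b, c, d) \
    (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | ((uint32_t)(c) << 8) | (uint32_t)(d))

struct pkt {
    uint32_t src, dst;      /* addresses in host byte order */
    int rcvif_loopback;     /* 1 if the packet was received on lo0 */
};

static int in_loopback_net(uint32_t addr)
{
    return (addr >> 24) == LOOPBACK_NET;
}

/* The stack check: a 127.* source or destination is only accepted from lo0. */
static int stack_accepts(const struct pkt *p)
{
    if ((in_loopback_net(p->src) || in_loopback_net(p->dst)) && !p->rcvif_loopback)
        return 0;           /* dropped, with no error reported to the NAT layer */
    return 1;
}

/* The redirect runs below the stack: it rewrites dst, counts the redirect as
 * done, and only then does the packet reach stack_accepts(). Returns 1 if
 * the packet is delivered. */
static int redirect_then_input(struct pkt p, uint32_t rdr_target)
{
    p.dst = rdr_target;
    return stack_accepts(&p);
}

int main(void)
{
    /* Constructed sample: client packet arriving on an external interface. */
    struct pkt in = { IPV4(192, 0, 2, 10), IPV4(198, 51, 100, 80), 0 };

    printf("rdr -> 127.0.0.1:    delivered=%d\n",
           redirect_then_input(in, IPV4(127, 0, 0, 1)));
    /* Workaround from the message: redirect to a non-127.* address bound to lo0. */
    printf("rdr -> 10.255.255.1: delivered=%d\n",
           redirect_then_input(in, IPV4(10, 255, 255, 1)));
    return 0;
}
```

The receiving interface stays the external one after the rewrite, which is why the check fires even though the 127.* address never appeared on the wire.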