From owner-freebsd-stable  Sun Feb  3 12:34:17 2002
Delivered-To: freebsd-stable@freebsd.org
Received: from voyager.straynet.com (voyager.straynet.com [208.185.24.8])
	by hub.freebsd.org (Postfix) with ESMTP id AF6C537B41D
	for <stable@freebsd.org>; Sun,  3 Feb 2002 12:34:10 -0800 (PST)
Received: by voyager.straynet.com (Postfix, from userid 1001)
	id C8BE8206A0; Sun,  3 Feb 2002 15:32:50 -0500 (EST)
Received: from localhost (localhost [127.0.0.1])
	by voyager.straynet.com (Postfix) with ESMTP id B6EE118C97
	for <stable@freebsd.org>; Sun,  3 Feb 2002 15:32:50 -0500 (EST)
Date: Sun, 3 Feb 2002 15:32:50 -0500 (EST)
From: Greg Prosser <greg@straynet.com>
X-X-Sender:  <xyst@voyager.straynet.com>
Reply-To: Greg Prosser <greg@straynet.com>
To: <stable@freebsd.org>
Subject: dropping 127.* on the floor (was Re: 4.5 & ipnat breakage)
In-Reply-To: <20020203120320.K5932-100000@voyager.straynet.com>
Message-ID: <20020203152433.A5932-100000@voyager.straynet.com>
X-Sysadmin-Nolife: True
X-BOFH: Yes
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-stable.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-stable>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-stable>
X-Loop: FreeBSD.ORG


FWIW, my problem was a change in the ip stack.

We now drop 127.* packets on the floor if they come in across an interface
that is not lo0.  Since ipnat redirect rules happen below the ip stack,
packets which are rewritten by ipnat to use a 127.* address get dropped on
the floor when they enter the stack.  ipnat records the redirect as having
worked, but the packet just disappears silently.  This totally breaks
my transparent proxy, as I forward the connections to 127.0.0.1 via ipnat.

I know by RFC we're supposed to not allow them on the wire, but in this
case they never were, they were just rewritten.

To get around this, I can either bind an arbitrary ip to lo0, and use that
for my transparent proxying, or rip the code out of
sys/netinet/ip_{in,out}put.c, both of which are non-optimal solutions.

Is there any way this can be fixed?  I'm surprised this wasn't caught
before it was MFC'd, and no one else is having this problem.

-gnp


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message