From: Max Laier
To: freebsd-ipfw@freebsd.org
Cc: "James R. Van Artsalen"
Date: Tue, 30 Nov 2004 20:57:59 +0100
Subject: Re: FreeBSD 5.3 routing IPFW FWD'd packets?
Message-Id: <200411302058.07224.max@love2party.net>
In-Reply-To: <41ACBEDF.3020001@jrv.org>

On Tuesday 30 November 2004 19:41, James R. Van Artsalen wrote:
> Achim Patzner wrote:
> > Packets sent to the directly reachable net 192.168.254/8 (rule 64000)
> > seem to work. Is it possible that packets are somehow being routed
> > after being FWD'd by IPFW?
> >
> > The counters show that the rule is applied, too. Just the "fwd" part
> > is not happening.
>
> I'm suspicious of this code in netinet/ip_output.c:
>
> #ifdef IPFIREWALL_FORWARD
> ...
>         fwd_tag = m_tag_find(m, PACKET_TAG_IPFORWARD, NULL);
>         if (fwd_tag) {
>                 if (!in_localip(ip->ip_src) && !in_localaddr(ip->ip_dst)) {
>                         dst = (struct sockaddr_in *)&ro->ro_dst;
>                         bcopy((fwd_tag+1), dst, sizeof(struct sockaddr_in));
>                         m->m_flags |= M_SKIP_FIREWALL;
>                         m_tag_delete(m, fwd_tag);
>                         goto again;
>                 } else {
>                         m_tag_delete(m, fwd_tag);
>                         /* Continue. */
>                 }
>         }
> #endif
>
> passout:
>
> this seems to be where FWD is handled in this case. The problem is that
> 33 lines above I see this code:
>
>         /* Jump over all PFIL processing if hooks are not active. */
>         if (inet_pfil_hook.ph_busy_count == -1)
>                 goto passout;
>
> It looks to me like IPFW forwarding isn't going to happen here unless
> there is some PFIL around.

That should be taken care of as IPFW is a PFIL consumer now. The only problem
I can think of - right now - is that your kernel is missing "options
IPFIREWALL_FORWARD". You might still want to try to move the "passout:"-label
up just above the "#ifdef IPFIREWALL_FORWARD" line.

-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
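
The control flow discussed in this message, as a small user-space model added here as an example; it is not FreeBSD kernel code and not code from either poster. The struct, the function model_output(), its parameters and the hop numbers are hypothetical, and only the label positions and the forward-tag branch follow the quoted snippet.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical stand-in for an mbuf and its optional forward tag. */
struct pkt {
    bool has_fwd_tag;  /* models a PACKET_TAG_IPFORWARD tag on the mbuf */
    bool src_local;    /* models in_localip(ip->ip_src) */
    bool dst_local;    /* models in_localaddr(ip->ip_dst) */
    int  fwd_hop;      /* next hop carried in the tag (constructed value) */
};

/*
 * Returns the next hop the packet leaves with.
 * hooks_active: models inet_pfil_hook.ph_busy_count != -1
 * label_moved:  models "passout:" placed above the #ifdef block
 */
int model_output(struct pkt p, int routed_hop, bool hooks_active,
                 bool label_moved)
{
    int hop = routed_hop;

again:
    if (!hooks_active) {
        if (label_moved)
            goto fwd_check;  /* relocated label: tag is still examined */
        goto passout;        /* quoted layout: tag handling is skipped */
    }
    /* PFIL hooks (ipfw among them) would run at this point. */

fwd_check:
    if (p.has_fwd_tag) {
        p.has_fwd_tag = false;             /* m_tag_delete() */
        if (!p.src_local && !p.dst_local) {
            hop = p.fwd_hop;               /* bcopy() of the tag into dst */
            goto again;                    /* redo output with the new dst */
        }
        /* else: continue with the routed destination */
    }

passout:
    return hop;
}

int main(void)
{
    struct pkt p = { true, false, false, 2 };  /* constructed sample packet */
    printf("hooks on: %d, hooks off: %d, hooks off + moved label: %d\n",
           model_output(p, 1, true, false), model_output(p, 1, false, false),
           model_output(p, 1, false, true));
    return 0;
}
```

In this model the forward tag is ignored only in the case where the hooks are inactive and the label sits below the forward block.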