From owner-freebsd-ipfw Tue Jul 23 10:16:18 2002 Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8DACF37B400 for ; Tue, 23 Jul 2002 10:16:15 -0700 (PDT) Received: from iguana.icir.org (iguana.icir.org [192.150.187.36]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4986943E4A for ; Tue, 23 Jul 2002 10:16:15 -0700 (PDT) (envelope-from rizzo@iguana.icir.org) Received: (from rizzo@localhost) by iguana.icir.org (8.11.6/8.11.3) id g6NHGAK78820; Tue, 23 Jul 2002 10:16:10 -0700 (PDT) (envelope-from rizzo) Date: Tue, 23 Jul 2002 10:16:10 -0700 From: Luigi Rizzo To: Dmitry Demyanchuk Cc: ipfw@FreeBSD.ORG Subject: Re: ipfw2 bug? Message-ID: <20020723101609.B74719@iguana.icir.org> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: ; from dd@skynet.lt on Tue, Jul 23, 2002 at 12:46:06PM +0200 Sender: owner-freebsd-ipfw@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG #1 -- i tried "forward" and it seemed to work. The definitive test would be to make sure that the same exact ruleset works with the old ipfw, and in case send me the offending ruleset and the traffic that does not work for you. Of course the combination ipfw&natd+ipf&ipnat is the messiest thing you can have in the world so i won't promise results.... #2 as someone noticed is probably your shell expanding {1,2} -- mine (plain sh) doesn't. In case, put a \ before the braces. #3 -- if you have some rules that cause crashes, please post them as I obviously have all the interest in fixing these bugs. cheers luigi On Tue, Jul 23, 2002 at 12:46:06PM +0200, Dmitry Demyanchuk wrote: > Im using a combination of ipfw&natd+ipf&ipnat together on my router running > fbsd4.6-stable. > Upgrading the ipfw to ipfw2 had the following results: > > 1) i dont know if it is a bug, but the fwd action appears to be disabled in > IPFW2. Monitoring the interface with tcpdump, there is no forwarded traffic, > but the rule counter keep on increasing. > > 2) im getting the following message: > root@hydra:/usr/src/sys:> ipfw add 25 allow ip from 10.1.1.0/24{1,2} to any > ipfw: bad width ``241'' > root@hydra:/usr/src/sys:> > > sources used and working so far: > FreeBSD 4.6-STABLE #0: Tue Jul 23 01:19:17 EET 2002 > * $FreeBSD: src/sbin/ipfw/ipfw2.c,v 1.2 2002/07/05 22:43:06 luigi Exp $ > * $FreeBSD: src/sys/netinet/ip_fw.h,v 1.73 2002/07/17 07:21:42 luigi Exp $ > * $FreeBSD: src/sys/netinet/ip_fw2.c,v 1.5 2002/07/14 23:47:18 luigi Exp $ > * $FreeBSD: src/sys/netinet/ip_dummynet.c,v 1.24.2.15 2002/07/18 04:43:52 > luigi Exp $ > * $FreeBSD: src/sys/netinet/ip_dummynet.h,v 1.10.2.5 2002/07/09 09:11:42 > luigi Exp $ > ip_fw2.h from ipfw2.stable.020715.diffs patch > > other "set" of sources caused the box to crash/panic when packet hit any of > the pipe/dummynet rule > > ------------------------- > Dmitry Demyanchuk > SkyNET SA > http://www.skynet.lt > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-ipfw" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message