From owner-freebsd-current@FreeBSD.ORG  Fri Dec 11 13:02:27 2009
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 94B161065672
	for <freebsd-current@freebsd.org>; Fri, 11 Dec 2009 13:02:27 +0000 (UTC)
	(envelope-from samspeed@mail.ru)
Received: from fallback3.mail.ru (fallback3.mail.ru [94.100.176.58])
	by mx1.freebsd.org (Postfix) with ESMTP id 4BC138FC23
	for <freebsd-current@freebsd.org>; Fri, 11 Dec 2009 13:02:27 +0000 (UTC)
Received: from f212.mail.ru (f212.mail.ru [217.69.128.149])
	by fallback3.mail.ru (mPOP.Fallback_MX) with ESMTP id B32EE10A0
	for <freebsd-current@freebsd.org>; Fri, 11 Dec 2009 15:45:41 +0300 (MSK)
Received: from mail by f212.mail.ru with local id 1NJ4sF-0005Zh-00
	for freebsd-current@freebsd.org; Fri, 11 Dec 2009 15:45:31 +0300
Received: from [95.32.100.117] by win.mail.ru with HTTP;
	Fri, 11 Dec 2009 15:45:31 +0300
From: =?koi8-r?Q?=E1=CE=C4=D2=C5=CA_=F3=CD=C1=C7=C9=CE?= <samspeed@mail.ru>
To: freebsd-current@freebsd.org
Mime-Version: 1.0
X-Mailer: mPOP Web-Mail 2.19
X-Originating-IP: [95.32.100.117]
Date: Fri, 11 Dec 2009 15:45:31 +0300
X-Mru-Data: 3411:1:1:70:24:1
Content-Type: text/plain; charset=koi8-r
Content-Transfer-Encoding: 8bit
Message-Id: <E1NJ4sF-0005Zh-00.samspeed-mail-ru@f212.mail.ru>
X-Spam: Not detected
X-Mras: Ok
X-Mailman-Approved-At: Fri, 11 Dec 2009 13:24:58 +0000
Subject: ipfw setfib+nat drop localy borned packets
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: =?koi8-r?Q?=E1=CE=C4=D2=C5=CA_=F3=CD=C1=C7=C9=CE?= <samspeed@mail.ru>
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>, 
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Dec 2009 13:02:27 -0000

ipfw drop packets borned on local PC, but from another all work fine

bridge0 172.17.1.200/16
tap1 192.168.6.2/24

ipfw nat 2 config ip 192.168.6.2 same_ports
route add default 172.17.1.200
setfib -F 2 route add default 192.168.6.1

ipfw add 10000 skipto 50206 ip from 172.17.0.0/16 to not 172.17.0.0/16
ipfw add 50205 nat 2 ip from any to 192.168.6.2
ipfw add 50206 setfib 2 ip from any to any
ipfw add 50207 nat 2 log ip from any to any


----------------------
from local machine:
PING internet (xxx.xxx.xxx.xx): 56 data bytes
ping: sendto: Host is down
ping: sendto: Host is down
ping: sendto: Host is down

tail /var/log/messages
 kernel: ipfw: 50207 Nat ICMP:8.0 172.17.1.200 internet  out via bridge0 
-----------------------

from another host in 172.17.0.0/16 network all packets routed rightly