Date:      Sat, 08 May 2021 12:30:19 +0000
From:      bugzilla-noreply@freebsd.org
To:        bugs@FreeBSD.org
Subject:   [Bug 255705] Is 'ipfw fwd' completely broken now?
Message-ID:  <bug-255705-227@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=255705

            Bug ID: 255705
           Summary: Is 'ipfw fwd' completely broken now?
           Product: Base System
           Version: 13.0-RELEASE
          Hardware: amd64
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: bugs.freebsd.org@mx.zzux.com

In addition to https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=245277,
on 13.0-RELEASE the routing table is fully ignored by ipfw fwd.

Example:

route -4 add default 192.168.68.64 (is a gateway which rejects all)
route -4 add -host 169.254.1.1 192.168.68.1 (is a real gateway)

Routing tables
Internet:
Destination        Gateway            Flags       Use    Mtu      Netif Expire
default            192.168.68.64      UGS          26   1500       lan1
127.0.0.1          link#3             UH      2589737  16384        lo0
169.254.1.1        192.168.68.1       UGHS         18   1500       lan1
192.168.68.0/24    link#1             U       8126264   1500       lan1
192.168.68.125     link#1             UHS           0  16384        lo0


ipfw table 8 add 8.8.8.8 169.254.1.1
ipfw add 8 fwd tablearg ip from any to table(8)
ipfw add 9 fwd 169.254.1.1 ip from any to 8.8.4.4
ipfw add 10 fwd 192.168.68.1 ip from any to 1.1.1.1



on 10.3-RELEASE (and up to 11.2-RELEASE)

PING 5.5.5.5 (5.5.5.5): 56 data bytes
36 bytes from 192.168.68.64: Destination Host Unreachable
Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
 4  5  00 0054 5ac8   0 0000  3f  01 11b2 192.168.68.125  5.5.5.5

but
64 bytes from 8.8.8.8: icmp_seq=0 ttl=106 time=17.876 ms
64 bytes from 8.8.4.4: icmp_seq=0 ttl=109 time=16.055 ms
64 bytes from 1.1.1.1: icmp_seq=0 ttl=54 time=23.887 ms



on 13.0-RELEASE it forwards all the destinations via default gw

PING 1.1.1.1 (1.1.1.1): 56 data bytes
36 bytes from 192.168.68.64: Destination Host Unreachable
Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
 4  5  00 0054 b346   0 0000  3f  01 c3d5 192.168.68.125  1.1.1.1

-- 
You are receiving this mail because:
You are the assignee for the bug.


