From owner-freebsd-stable  Sun Nov 17 12: 1:23 2002
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 3D67C37B401
	for <FreeBSD-stable@FreeBSD.ORG>; Sun, 17 Nov 2002 12:01:22 -0800 (PST)
Received: from InterJet.dellroad.org (adsl-63-194-81-26.dsl.snfc21.pacbell.net [63.194.81.26])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 8454843E75
	for <FreeBSD-stable@FreeBSD.ORG>; Sun, 17 Nov 2002 12:01:21 -0800 (PST)
	(envelope-from archie@dellroad.org)
Received: from arch20m.dellroad.org (arch20m.dellroad.org [10.1.1.20])
	by InterJet.dellroad.org (8.9.1a/8.9.1) with ESMTP id LAA51199;
	Sun, 17 Nov 2002 11:55:50 -0800 (PST)
Received: from arch20m.dellroad.org (localhost [127.0.0.1])
	by arch20m.dellroad.org (8.12.6/8.12.6) with ESMTP id gAHJtpOS046502;
	Sun, 17 Nov 2002 11:55:51 -0800 (PST)
	(envelope-from archie@arch20m.dellroad.org)
Received: (from archie@localhost)
	by arch20m.dellroad.org (8.12.6/8.12.6/Submit) id gAHJtptv046501;
	Sun, 17 Nov 2002 11:55:51 -0800 (PST)
From: Archie Cobbs <archie@dellroad.org>
Message-Id: <200211171955.gAHJtptv046501@arch20m.dellroad.org>
Subject: Re: IPsec/gif VPN tunnel packets on wrong NIC in ipfw?
In-Reply-To: <2F6DCE1EFAB3BC418B5C324F13934C9601D23C0F@exchange.corp.cre8.com>
To: Scott Ullrich <sullrich@CRE8.COM>
Date: Sun, 17 Nov 2002 11:55:50 -0800 (PST)
Cc: "'greg.panula@dolaninformation.com'" <greg.panula@dolaninformation.com>,
	David Kelly <dkelly@hiwaay.net>, FreeBSD-stable@FreeBSD.ORG
X-Mailer: ELM [version 2.4ME+ PL99b (25)]
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=US-ASCII
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-stable.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-stable>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-stable>
X-Loop: FreeBSD.ORG

Scott Ullrich wrote:
> I am also having this same problem.  If I revert back to 4.7 RELEASE the
> problem goes away.
> 
> Anyone have an idea of what changed the default behavior between 4.7 RELEASE
> and STABLE or if there is a better workaround other than adding a rule
> before the divert statement allowing the internal networks to talk?

Try reverting rev. 1.130.2.40 of netinet/ip_input.c (there may be
other files in this commit; didn't look (you could do it by time)).
This is just a guess because it seems like it might be relevant.

    http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet/ip_input.c?only_with_tag=RELENG_4

-Archie

__________________________________________________________________________
Archie Cobbs     *     Packet Design     *     http://www.packetdesign.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message