From: "Jin Guojun[VFF]"
Date: Sun, 16 Nov 2008 17:19:01 -0800
To: Ian Smith
Cc: Erik Trulsson, freebsd-bugs@FreeBSD.org, ipfw@freebsd.org
Subject: Re: some ipfw filter does not function under Release 6.3

Ian Smith wrote:

>On Sat, 15 Nov 2008, Jin Guojun[VFF] wrote:
>
> > I think this is a bug in ipfw because after changing the rule order, the
> > problem persists:
> > 00566 26 3090 deny ip from 221.192.199.36 to any
> > 65330 2018 983473 allow tcp from any to any established
> > 65535 0 0 deny ip from any to any
>
>Are you saying that the packets shown below from 221.192.199.36 arrived
>=after= you added rule 566, which denies all traffic from that address?
>
>Are you showing us your entire ruleset; it is just those three rules?
>
>Is the tcpdump shown running on the same box as ipfw, or another box?
>
>If another box, how is it connected through the firewall, to the net?
>
>Which machine performs NAT for your network? None of this is obvious.
>
>Please show output of 'ifconfig' and 'netstat -rn' on the ipfw box?
>

I have found the problem: it is due to the NIC naming change after the motherboard upgrade. em0 was the LAN port, but now it is the WAN port. So, the following rule caused Sync to come in:

00123 12 528 allow tcp from any to 192.168.0.0/16 via em0 setup

This is my configuration fault, and we can close PR kern/128902.

Thanks,

-Jin
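
The rule ordering described in this message, as an added example that is not part of the original thread: a small first-match evaluator over the four rules quoted above, showing a TCP SYN from the blocked address being accepted by rule 123 before rule 566 is reached. The packet values and the replacement interface name em1 are assumptions, and only the fields these rules use are modelled.

```python
import ipaddress

# The rules quoted in the thread, in ipfw first-match order:
# (number, action, src, dst, "via" interface, TCP option). All traffic is TCP here.
RULES = [
    (123, "allow", "any", "192.168.0.0/16", "em0", "setup"),
    (566, "deny", "221.192.199.36", "any", None, None),
    (65330, "allow", "any", "any", None, "established"),
    (65535, "deny", "any", "any", None, None),
]

def addr_match(spec, addr):
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)

def flags_match(opt, flags):
    if opt == "setup":            # SYN set, ACK clear
        return "S" in flags and "A" not in flags
    if opt == "established":      # ACK or RST set
        return "A" in flags or "R" in flags
    return True

def evaluate(rules, pkt):
    """Return (rule number, action) of the first rule that matches pkt."""
    for num, action, src, dst, via, opt in rules:
        if (addr_match(src, pkt["src"]) and addr_match(dst, pkt["dst"])
                and (via is None or via == pkt["iface"])
                and flags_match(opt, pkt["flags"])):
            return num, action
    raise ValueError("no rule matched")

def rebind(rules, old, new):
    """Copy of the ruleset with every 'via old' changed to 'via new'."""
    return [(n, a, s, d, new if v == old else v, o) for n, a, s, d, v, o in rules]

# Constructed packet: a SYN from the blocked host arriving on em0, which is
# now the WAN port. The destination address is a made-up LAN host.
SYN = {"src": "221.192.199.36", "dst": "192.168.0.10", "iface": "em0", "flags": "S"}

if __name__ == "__main__":
    print("rule 123 via em0 (now WAN):", evaluate(RULES, SYN))
    # em1 is a hypothetical name for the interface that is now the LAN port.
    print("rule 123 via em1 (LAN):    ", evaluate(rebind(RULES, "em0", "em1"), SYN))
```
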