From owner-freebsd-stable  Sun Feb  3 18:37:37 2002
Delivered-To: freebsd-stable@freebsd.org
Received: from voyager.straynet.com (voyager.straynet.com [208.185.24.8])
	by hub.freebsd.org (Postfix) with ESMTP id D5D6637B42B
	for <stable@FreeBSD.ORG>; Sun,  3 Feb 2002 18:37:15 -0800 (PST)
Received: by voyager.straynet.com (Postfix, from userid 1001)
	id 354C92069B; Sun,  3 Feb 2002 21:35:53 -0500 (EST)
Received: from localhost (localhost [127.0.0.1])
	by voyager.straynet.com (Postfix) with ESMTP
	id 19E4318C97; Sun,  3 Feb 2002 21:35:53 -0500 (EST)
Date: Sun, 3 Feb 2002 21:35:53 -0500 (EST)
From: Greg Prosser <greg@straynet.com>
X-X-Sender:  <xyst@voyager.straynet.com>
Reply-To: Greg Prosser <greg@straynet.com>
To: "M. Warner Losh" <imp@village.org>
Cc: <michaelnottebrock@gmx.net>, <stable@FreeBSD.ORG>
Subject: Re: dropping 127.* on the floor
In-Reply-To: <20020203.191758.96919906.imp@village.org>
Message-ID: <20020203213338.V12914-100000@voyager.straynet.com>
X-Sysadmin-Nolife: True
X-BOFH: Yes
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-stable.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-stable>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-stable>
X-Loop: FreeBSD.ORG


I just tested myself with the squid way of doing things (ipfw instead of
ipf), and it also affects that.  Looks like transparent squid proxying is
now hosed, fun.  Point of note, it seems -RELEASE is not affected by this,
which is a good sign.

Should I send a private mail to the commiter, or is it being taken care
of?

-gnp

on Sun, 3 Feb 2002, M. Warner Losh babbled ..

;; In message: <3C5DE578.4020409@gmx.net>
;;             Michael Nottebrock <michaelnottebrock@gmx.net> writes:
;; : Greg Prosser wrote:
;; :
;; : > FWIW, my problem was a change in the ip stack.
;; : >
;; : > We now drop 127.* packets on the floor if they come in across an interface
;; : > that is not lo0.  Since ipnat redirect rules happen below the ip stack,
;; : > packets which are rewritten by ipnat to use a 127.* address get dropped on
;; : > the floor when they enter the stack.  ipnat records the redirect as having
;; : > worked, but the packet just disappears silently.  This totally breaks
;; : > my transparent proxy, as I forward the connections to 127.0.0.1 via ipnat.
;; :
;; :
;; : Ugh. This probably means that transparent squid proxying will also break
;; : and _that_ scares me (no touchy cvsup for my -STABLE box). You might
;; : want to contact the committer about this.
;;
;; It is certainly looking like this change will be backed out.  It is
;; well intended, but breaks too many things. :-(


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message