Date: Tue, 1 Mar 2005 21:07:56 -0500 From: tad@vif.com To: freebsd-net@freebsd.org Subject: Re: Kern/73129 and 5.3-STABLE Message-ID: <20050301210756.htmfzmcu80wsoc40@email.vif.com>
next in thread | raw e-mail | index | archive | help
> On Thu, Feb 10, 2005 at 11:27:35AM +0100, Andre Oppermann wrote: > > > On Wed, Feb 09, 2005 at 09:48:18PM +0100, Andre Oppermann wrote: > > > > The problem is with locally generated packets which go the wrong way. > > > > This gets nasty when the box has to generate some path MTU discovery > > > > ICMP message and such. What I implemented is the correct thing to do > > > > and prevents foot-shooting. On the other hand it prevents people from > > > > forwarding local ports and such. Both sides of the coin have merit > > > > and there is no easy deciding between them or obvious right or wrong > > > > choice. [...] > The code that is currently in the tree. > -- Andre Oppermann Sorry for bringing this again, I am still getting discrepancies with ipfw fwd. Here is a my test: ProxyHost# ipfw add 10 fwd DestinationHost icmp from SourceHost to any SourceHost# ping Proxy_Host ** On 5.3 Stable (5.4-PRERELEASE #1: Sun Feb 27 20:31:49 EST 2005) and 6.0 Current (6.0-CURRENT #8: Tue Mar 1 12:32:33 EST 2005) I get replies from ProxyHost without any forwarding to DestinationHost ** On 4-x and 5.2.1 Fwd works and packets hit DestinationHost -Talal
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050301210756.htmfzmcu80wsoc40>