From owner-freebsd-ipfw@FreeBSD.ORG  Mon Nov 22 11:30:37 2004
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id C870216A4CE
	for <ipfw@hub.freebsd.org>; Mon, 22 Nov 2004 11:30:37 +0000 (GMT)
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
	by mx1.FreeBSD.org (Postfix) with ESMTP id B62C343D49
	for <ipfw@hub.freebsd.org>; Mon, 22 Nov 2004 11:30:37 +0000 (GMT)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1])
	by freefall.freebsd.org (8.13.1/8.13.1) with ESMTP id iAMBUbYV083403
	for <ipfw@freefall.freebsd.org>; Mon, 22 Nov 2004 11:30:37 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.13.1/8.13.1/Submit) id iAMBUb3s083402;
	Mon, 22 Nov 2004 11:30:37 GMT
	(envelope-from gnats)
Date: Mon, 22 Nov 2004 11:30:37 GMT
Message-Id: <200411221130.iAMBUb3s083402@freefall.freebsd.org>
To: ipfw@FreeBSD.org
From: Achim Patzner <ap@bnc.net>
Subject: Re: kern/73910: [ipfw] serious bug on forwarding of packets after
	NAT
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
Reply-To: Achim Patzner <ap@bnc.net>
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 22 Nov 2004 11:30:37 -0000

The following reply was made to PR kern/73910; it has been noted by GNATS.

From: Achim Patzner <ap@bnc.net>
To: FreeBSD-gnats-submit@freebsd.org
Cc:  
Subject: Re: kern/73910: [ipfw] serious bug on forwarding of packets after NAT
Date: Mon, 22 Nov 2004 12:22:14 +0100

 (I guess someone should adjust his AV engine... My Mac is ROTFLing.)
 
 glebius@bestcom.ru>: host relay.bestcom.ru[217.72.144.5] said: 550 
 5.7.1 Error
      HD77: Virus Sobig found
 Reporting-MTA: dns; mx2.freebsd.org
 Arrival-Date: Mon, 22 Nov 2004 11:15:12 +0000 (GMT)
 
 Final-Recipient: rfc822; glebius@bestcom.ru
 Action: failed
 Status: 5.0.0
 Diagnostic-Code: X-Postfix; host relay.bestcom.ru[217.72.144.5] said: 
 550 5.7.1
      Error HD77: Virus Sobig found
 
 Von: Achim Patzner <ap@bnc.net>
 Datum: 22. November 2004 12:15:00 MEZ
 An: Gleb Smirnoff <glebius@freebsd.org>
 Betreff: Re: kern/73910: [ipfw] serious bug on forwarding of packets 
 after NAT
 
 
 
 >   Can you show your kernel configuration, pls?
 
 GENERIC + all IPFW-options.
 
 Sorry, I can't get at the machine because it is deactivated but I used 
 a 5.3 GENERIC and added
 
 options         IPFIREWALL              #firewall
 options         IPFIREWALL_VERBOSE      #print information about 
 dropped packets
 options         IPFIREWALL_FORWARD      #enable transparent proxy 
 support
 options         IPFIREWALL_DEFAULT_TO_ACCEPT #allow everything by 
 default
 options         IPDIVERT                #divert sockets
 options         IPSTEALTH               #support for stealth forwarding
 options         IPSEC                   #IP security
 options         IPSEC_ESP               #IP security (crypto; define 
 w/IPSEC)
 options         DUMMYNET
 
 
 Achim