Date: Fri, 19 Sep 2008 14:16:02 +0200
From: Pawel Jakub Dawidek <pjd@FreeBSD.org>
To: freebsd-net@FreeBSD.org
Subject: Re: Firewall redirect doesn't work any more...
Message-ID: <20080919121602.GC4333@garage.freebsd.pl>
In-Reply-To: <20080919075633.GA4333@garage.freebsd.pl>
References: <20080919075633.GA4333@garage.freebsd.pl>

On Fri, Sep 19, 2008 at 09:56:33AM +0200, Pawel Jakub Dawidek wrote:
> ...or am I missing something?
>
> I've a box running:
>
> FreeBSD whiplash.wheel.pl 7.0-STABLE FreeBSD 7.0-STABLE #0: Wed Jul 23 11:41:31 CEST 2008 root@puppet.wheel.pl:/usr/obj/usr/src/sys/WHIPLASH i386
>
> I'm also running PF in there with the following rule:
>
> rdr on fxp0 proto tcp from 10.0.1.9 to 10.0.0.2 port 88 -> 10.0.5.123 port 88
>
> When I connect from 10.0.1.9 to 10.0.0.2:88 I can see the redirected packet
> leaving the box:
>
> IP 10.0.1.9.43210 > 10.0.0.2.88: S [...]
> IP 10.0.1.9.43210 > 10.0.5.123.88: S [...]
>
> Ok. Now I've a box running:
>
> FreeBSD bridge.wheel.pl 7.1-PRERELEASE FreeBSD 7.1-PRERELEASE #1: Thu Sep 11 13:59:06 CEST 2008 root@bridge.wheel.pl:/usr/obj/usr/src/sys/BRIDGE i386
>
> And the following PF rule:
>
> rdr on fxp0 proto tcp from 10.0.0.2 to 10.0.5.123 port 88 -> 10.0.1.9 port 88
>
> When I connect from 10.0.0.2 to 10.0.5.123:88 I no longer see the redirected
> packet leaving the box:
>
> IP 10.0.0.2.60806 > 10.0.5.123.88: S [...]
>
> I tried to redirect the packet on the second box with IPFW, but also failed
> (yes, IPFIREWALL_FORWARD was compiled in).
>
> Has something got broken or am I missing some configuration hint?

I downgraded to 7.0-RELEASE and the problem was still there, but I found a
work-around - one needs to set net.inet.ip.forwarding to 1, even though the
packet is not forwarded between interfaces (everything is related to fxp0
only).

-- 
Pawel Jakub Dawidek                       http://www.wheel.pl
pjd@FreeBSD.org                           http://www.FreeBSD.org
FreeBSD committer                         Am I Evil? Yes, I Am!
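
A pre-flight check for the work-around described in the message, as an added example that is not part of the original post or of FreeBSD: it flags `rdr` rules with a non-loopback target while `net.inet.ip.forwarding` is not 1. The function names and the sample rule file are constructed for illustration, and the loopback exemption and one-rule-per-line parsing are assumptions the message does not cover.

```sh
#!/bin/sh
# Added example: flag PF rdr rules that need net.inet.ip.forwarding=1.
# Assumes one rule per line with a single target address after "->".

# Constructed sample; the fxp0 rule is the one quoted in the message.
sample_conf() {
    cat <<'EOF'
# redirect to a local proxy (constructed)
rdr on lo0 proto tcp from any to any port 8080 -> 127.0.0.1 port 80
rdr on fxp0 proto tcp from 10.0.0.2 to 10.0.5.123 port 88 -> 10.0.1.9 port 88
EOF
}

# Print the rdr rules of a pf.conf-style file, comments stripped.
rdr_rules() {
    sed -e 's/#.*$//' "$1" | grep -E '^[[:space:]]*rdr[[:space:]]'
}

# Print the redirect target (first token after the last "->") of one rule.
rdr_target() {
    printf '%s\n' "$1" | sed -n 's/.*->[[:space:]]*\([^[:space:]]*\).*/\1/p'
}

# check_rdr_forwarding FILE [FORWARDING]
# FORWARDING defaults to the live sysctl; pass it explicitly to test offline.
# Returns 1 when forwarding is off and a non-loopback redirect exists.
check_rdr_forwarding() {
    fwd=${2:-$(sysctl -n net.inet.ip.forwarding 2>/dev/null || true)}
    [ "$fwd" = "1" ] && return 0
    rules=$(rdr_rules "$1") || return 0     # no rdr rules at all
    bad=0
    while IFS= read -r rule; do
        target=$(rdr_target "$rule")
        case $target in
            127.*) continue ;;              # assumption: local delivery
        esac
        echo "ip.forwarding=${fwd:-unknown}: redirect to $target may not leave the box: $rule"
        bad=$((bad + 1))
    done <<EOF
$rules
EOF
    [ "$bad" -eq 0 ]
}

# Usage on a FreeBSD host: check_rdr_forwarding /etc/pf.conf
```

Setting the sysctl makes the host route between all of its interfaces, so the filter rules should permit only the redirected flows.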