Site Navigation

Date:      Mon, 15 Apr 2013 21:04:32 +0200
From:      Spil Oss <spil.oss@gmail.com>
To:        Ian Smith <smithi@nimnet.asn.au>
Cc:        freebsd-ipfw@freebsd.org, Michael Sierchio <kudzu@tenebras.com>
Subject:   Re: Problems with ipfw/natd and axe(4)
Message-ID:  <CAEJyAvP-4FZ7eZ0o4c3qMzC0nY_gT4GfS3KjBVQiuzNY3aXz4Q@mail.gmail.com>
In-Reply-To: <20130415160625.K56386@sola.nimnet.asn.au>
References:  <CAEJyAvOZ6fW0i3yT_D4fH1huje-qsJwA7GGeXqAO1PKzge-YNw@mail.gmail.com> <20130415015850.Y56386@sola.nimnet.asn.au> <CAHu1Y73Xu64NY1B=idaKmHKDGOB3AHbcXKi4A48-SNkhJrMy6Q@mail.gmail.com> <20130415160625.K56386@sola.nimnet.asn.au>

---

index | next in thread | previous in thread | raw e-mail

---

[-- Attachment #1 --]
Hi all,

Network dumps as promised
On 172.17.2.1:
      tcpdump -p -i bridge0 -s 0 -w ssh-fail.pcap host not 172.17.2.167
>From 172.17.2.1 I ran
      telnet 172.17.2.111/157 22
In Wireshark I trimmed the capture a bit further with expression
      'not stp and not http'

Initial setup (ue0 ext, re0 int, rule 10 to allow ssh)
     -> ue0-ssh-success.pcap
Removed rule 10
     -> ue0-ssh-fail.pcap
Switched re0 and ue0, default ruleset (without 10)
     -> re0-ssh-success.pcap

According to YungHyeong the sample ASIX NIC he has works normally when
checksumming is disabled.

Kind regards,

Spil.




On Mon, Apr 15, 2013 at 8:25 AM, Ian Smith <smithi@nimnet.asn.au> wrote:

> On Sun, 14 Apr 2013 10:34:06 -0700, Michael Sierchio wrote:
>  > On Sun, Apr 14, 2013 at 10:26 AM, Ian Smith <smithi@nimnet.asn.au>
> wrote:
>  >
>  > > 'allow ip' aka 'allow all' doesn't usually take a port number, which
>  > > applies only to tcp and udp.
>  >
>  > It does in ipfw - in which case it means ( udp | tcp )
>
> You're quite right, and my assumption that it would also permit icmp
> was quite wrong, after a quick test.
>
> Which appears to leave the bypassed divert not working with rx/txcsum
> the only viable suspect.  The ruleset is otherwise 'out of the box'.
>
> Does anyone know whether this is an issue with libalias(3) generally -
> in which case using nat instead of divert shouldn't help - or just with
> natd in particular?
>
> cheers, Ian
>

[-- Attachment #2 --]
��
HlQZSJJ`nB[Sf� ���E<�*@@�
�o5�t�Y����`�

�wHlQ@ZJJf� ���`nB[SE<r@@ݷ�o�
5��2Tct�Z���w��

�����wHlQ�ZBB`nB[Sf� ���E4�,@@��
�o5�t�Z�2Td��w


�w!����HlQx�qqf� ���`nB[SEcs@@ݏ�o�
5��2Tdt�Z�a�


���
�w!SSH-2.0-OpenSSH_6.1_hpn13v11 FreeBSD-20120901
HlQ!(BB`nB[Sf� ���E4�C@@ެ
�o5�t�Z�2T����


�w����
HlQ�	BB`nB[Sf� ���E4�+@@��
�o5�t�Z�2T����


�w ����
HlQ�	BBf� ���`nB[SE4t@@ݽ�o�
5��2T�t�[�q


�����w �HlQ	�	BBf� ���`nB[SE4u@@ݼ�o�
5��2T�t�[�q


�����w �HlQL�	BB`nB[Sf� ���E4�-@@��
�o5�t�[�2T��q


�w �����
[-- Attachment #3 --]
��
�HlQ��JJ`nB[Sf� ���E<Q~@@���
�o�\��m{�����

�y�T�HlQ��JJf� ���`nB[SE<�@@ݩ�o�
�\�k��m|���\��

E��r�y�T�HlQ��JJ`nB[Sf� ���E<Sf@@���
�o�\��m{����a�

�y��HlQ��JJf� ���`nB[SE<�@@ݨ�o�
�\�k��m|���\��

E��r�y�T�HlQ>�JJf� ���`nB[SE<�@@ݧ�o�
�\�k��m|���\��

E��r�y��HlQ	JJf� ���`nB[SE<�@@ݦ�o�
�\�k��m|���\��

E��r�y��HlQ��JJ`nB[Sf� ���E<UY@@���
�o�\��m{���z��

�y���HlQ��JJf� ���`nB[SE<�@@ݥ�o�
�\�k��m|���\��

E��r�y���HlQ

	JJf� ���`nB[SE<�@@ݤ�o�
�\�k��m|���\��

E��r�y���HlQ�>>`nB[Sf� ���E0W�@@���
�o�\��m{p����HlQ|BBf� ���`nB[SE4�@@ݫ�o�
�\�k��m|���\��

[-- Attachment #4 --]
��
�JlQ� JJ@a���f� ���E<��@@77�
���^��@z����-�

��,��JlQj!JJf� ���@a���E<�@@�F���
�^��:瞮@{����Q�

e�yS��,��JlQ�!BB@a���f� ���E4��@@7>�
���^��@{��:�


��,�e�yS�JlQ�bqqf� ���@a���Ec�@@����
�^��:螮@{��y


e�yg��,�SSH-2.0-OpenSSH_6.1_hpn13v11 FreeBSD-20120901
�JlQe�BB@a���f� ���E4��@@7�
���^��@{��;�T


��-je�yg�JlQ�BB@a���f� ���E4�q@@3��
���^��@{��;��


��C*e�yg�JlQΔBBf� ���@a���E4�@@�L���
�^��;��@|��l


e�����C*�JlQw�BBf� ���@a���E4�@@�K���
�^��;��@|��k


e�����C*�JlQҘBB@a���f� ���E4�r@@3��
���^��@|��;��j


��C+e���

help

---

Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAEJyAvP-4FZ7eZ0o4c3qMzC0nY_gT4GfS3KjBVQiuzNY3aXz4Q>

Legal Notices | © 1995-2026 The FreeBSD Project. All rights reserved.

Contact