From owner-freebsd-ipfw@FreeBSD.ORG Mon Feb 17 11:06:50 2014 Return-Path: Delivered-To: freebsd-ipfw@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id F0C04D44 for ; Mon, 17 Feb 2014 11:06:49 +0000 (UTC) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id DB56A11BE for ; Mon, 17 Feb 2014 11:06:49 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.7/8.14.7) with ESMTP id s1HB6nOT033087 for ; Mon, 17 Feb 2014 11:06:49 GMT (envelope-from owner-bugmaster@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.8/8.14.8/Submit) id s1HB6ng8033083 for freebsd-ipfw@FreeBSD.org; Mon, 17 Feb 2014 11:06:49 GMT (envelope-from owner-bugmaster@FreeBSD.org) Date: Mon, 17 Feb 2014 11:06:49 GMT Message-Id: <201402171106.s1HB6ng8033083@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: gnats set sender to owner-bugmaster@FreeBSD.org using -f From: FreeBSD bugmaster To: freebsd-ipfw@FreeBSD.org Subject: Current problem reports assigned to freebsd-ipfw@FreeBSD.org X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 17 Feb 2014 11:06:50 -0000 Note: to view an individual PR, use: http://www.freebsd.org/cgi/query-pr.cgi?pr=(number). The following is a listing of current problems submitted by FreeBSD users. These represent problem reports covering all versions including experimental development code and obsolete releases. S Tracker Resp. Description -------------------------------------------------------------------------------- o kern/180731 ipfw [ipfw] problem with displaying 255.255.255.255 address o kern/180729 ipfw [ipfw] ipfw nat show empty output o kern/178482 ipfw [ipfw] logging problem from vnet jail o kern/178480 ipfw [ipfw] dynamically loaded ipfw with a vimage kernel do o kern/178317 ipfw [ipfw] ipfw options need to specifed in specific order o kern/177948 ipfw [ipfw] ipfw fails to parse port ranges (p1-p2) for udp o kern/176503 ipfw [ipfw] ipfw layer2 problem o conf/167822 ipfw [ipfw] [patch] start script doesn't load firewall_type o kern/166406 ipfw [ipfw] ipfw does not set ALTQ identifier for ipv6 traf o kern/165939 ipfw [ipfw] bug: incomplete firewall rules loaded if tables o kern/165190 ipfw [ipfw] [lo] [patch] loopback interface is not marking o kern/158066 ipfw [ipfw] ipfw + netgraph + multicast = multicast packets o kern/157689 ipfw [ipfw] ipfw nat config does not accept nonexistent int f kern/155927 ipfw [ipfw] ipfw stops to check packets for compliance with o bin/153252 ipfw [ipfw][patch] ipfw lockdown system in subsequent call o kern/153161 ipfw [ipfw] does not support specifying rules with ICMP cod o kern/148827 ipfw [ipfw] divert broken with in-kernel ipfw o kern/148430 ipfw [ipfw] IPFW schedule delete broken. o kern/148091 ipfw [ipfw] ipfw ipv6 handling broken. f kern/143973 ipfw [ipfw] [panic] ipfw forward option causes kernel reboo o kern/143621 ipfw [ipfw] [dummynet] [patch] dummynet and vnet use result o kern/137346 ipfw [ipfw] ipfw nat redirect_proto is broken o kern/137232 ipfw [ipfw] parser troubles o kern/127230 ipfw [ipfw] [patch] Feature request to add UID and/or GID l f kern/122963 ipfw [ipfw] tcpdump does not show packets redirected by 'ip s kern/121807 ipfw [request] TCP and UDP port_table in ipfw o kern/116009 ipfw [ipfw] [patch] Ignore errors when loading ruleset from o kern/104682 ipfw [ipfw] [patch] Some minor language consistency fixes a o kern/103454 ipfw [ipfw] [patch] [request] add a facility to modify DF b o kern/103328 ipfw [ipfw] [request] sugestions about ipfw table o kern/97951 ipfw [ipfw] [patch] ipfw does not tie interface details to o kern/95084 ipfw [ipfw] [regression] [patch] IPFW2 ignores "recv/xmit/v o kern/86957 ipfw [ipfw] [patch] ipfw mac logging o bin/83046 ipfw [ipfw] ipfw2 error: "setup" is allowed for icmp, but s o kern/82724 ipfw [ipfw] [patch] [request] Add setnexthop and defaultrou o bin/78785 ipfw [patch] ipfw(8) verbosity locks machine if /etc/rc.fir o kern/60719 ipfw [ipfw] Headerless fragments generate cryptic error mes s kern/55984 ipfw [ipfw] [patch] time based firewalling support for ipfw o kern/48172 ipfw [ipfw] [patch] ipfw does not log size and flags o kern/46159 ipfw [ipfw] [patch] [request] ipfw dynamic rules lifetime f a kern/26534 ipfw [ipfw] Add an option to ipfw to log gid/uid of who cau 41 problems total. From owner-freebsd-ipfw@FreeBSD.ORG Mon Feb 17 15:50:01 2014 Return-Path: Delivered-To: freebsd-ipfw@smarthost.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id B7945C37 for ; Mon, 17 Feb 2014 15:50:01 +0000 (UTC) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 87F94107F for ; Mon, 17 Feb 2014 15:50:01 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.7/8.14.7) with ESMTP id s1HFo1VS024921 for ; Mon, 17 Feb 2014 15:50:01 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.8/8.14.8/Submit) id s1HFo12e024920; Mon, 17 Feb 2014 15:50:01 GMT (envelope-from gnats) Date: Mon, 17 Feb 2014 15:50:01 GMT Message-Id: <201402171550.s1HFo12e024920@freefall.freebsd.org> To: freebsd-ipfw@FreeBSD.org Cc: From: Ian Smith Subject: Re: kern/177948: [ipfw] ipfw fails to parse port ranges (p1-p2) for udp X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list Reply-To: Ian Smith List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 17 Feb 2014 15:50:01 -0000 The following reply was made to PR kern/177948; it has been noted by GNATS. From: Ian Smith To: bug-followup@FreeBSD.org, jau@oxit.fi Cc: Subject: Re: kern/177948: [ipfw] ipfw fails to parse port ranges (p1-p2) for udp Date: Tue, 18 Feb 2014 02:43:21 +1100 Having been determined not to be an ipfw problem, could this be closed? If still an open clang issue, Jukka or somebody might reopen it there. cheers, Ian From owner-freebsd-ipfw@FreeBSD.ORG Mon Feb 17 21:20:09 2014 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 87CDB44C for ; Mon, 17 Feb 2014 21:20:09 +0000 (UTC) Received: from secure.freebsdsolutions.net (secure.freebsdsolutions.net [69.55.234.48]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 65E97122F for ; Mon, 17 Feb 2014 21:20:09 +0000 (UTC) Received: from [10.10.1.198] (office.betterlinux.com [199.58.199.60]) (authenticated bits=0) by secure.freebsdsolutions.net (8.14.4/8.14.4) with ESMTP id s1HLK5q4083657 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NOT); Mon, 17 Feb 2014 16:20:06 -0500 (EST) (envelope-from lists@jnielsen.net) Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 7.1 \(1827\)) Subject: Re: something is wrong after 9.2 to 10.0 From: John Nielsen In-Reply-To: <20140215.123424.159647737.toshi@ruby.ocn.ne.jp> Date: Mon, 17 Feb 2014 14:20:20 -0700 Content-Transfer-Encoding: quoted-printable Message-Id: <845B3D92-A997-4872-AFBB-BCC23D96CD10@jnielsen.net> References: <20140215.123424.159647737.toshi@ruby.ocn.ne.jp> To: SAITOU Toshihide X-Mailer: Apple Mail (2.1827) X-DCC-Etherboy-Metrics: ns1.jnielsen.net 1002; Body=2 Fuz1=2 Fuz2=2 X-Virus-Scanned: clamav-milter 0.97.8 at ns1.jnielsen.net X-Virus-Status: Clean Cc: freebsd-ipfw@freebsd.org X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 17 Feb 2014 21:20:09 -0000 On Feb 14, 2014, at 8:34 PM, SAITOU Toshihide = wrote: > I'm using FreeBSD as desktop and also using as nat gateway. > After update from 9.2 to 10.0, some network problem occurs > on this desktop machine's environment. >=20 > - Sometimes email transmission failed with > `stat=3DDeferred: 452', maybe when the size is large. >=20 > - Firefox failed to post a form of web page on https. >=20 > - Cadaver is no longer able to put file. >=20 > But if I delete the following rule, the problem don't occur. >=20 > 00050 352686 304039811 nat 123 ip4 from any to any via alc0 >=20 > And the related rc.conf entry is here: >=20 > firewall_enable=3D"YES" > firewall_type=3D"open" > firewall_quiet=3D"NO" > firewall_logging=3D"YES" > firewall_nat_enable=3D"YES" > firewall_nat_interface=3D"alc0" >=20 > Is there any clue? I saw a similar problem when using NAT on a TSO-enabled interface in = FreeBSD 10. Try running "ifconfig alc0 -tso" and/or adding "-tso" to the = ifconfig_alc0 entry in your /etc/rc.conf. See also the related entry in = the BUGS section at the end of ipfw(8) man page. JN From owner-freebsd-ipfw@FreeBSD.ORG Tue Feb 18 15:20:25 2014 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id ECE611DD for ; Tue, 18 Feb 2014 15:20:25 +0000 (UTC) Received: from msgw002-05.ocn.ad.jp (msgw002-05.ocn.ad.jp [180.37.203.80]) by mx1.freebsd.org (Postfix) with ESMTP id B58DC11A8 for ; Tue, 18 Feb 2014 15:20:25 +0000 (UTC) Received: from localhost (p12048-ipngn100104sizuokaden.shizuoka.ocn.ne.jp [153.185.230.48]) by msgw002-05.ocn.ad.jp (Postfix) with ESMTP id BCA56A42E10; Wed, 19 Feb 2014 00:20:24 +0900 (JST) Date: Wed, 19 Feb 2014 00:20:23 +0900 (JST) Message-Id: <20140219.002023.205359736.toshi@ruby.ocn.ne.jp> To: lists@jnielsen.net Subject: Re: something is wrong after 9.2 to 10.0 From: SAITOU Toshihide In-Reply-To: <845B3D92-A997-4872-AFBB-BCC23D96CD10@jnielsen.net> References: <20140215.123424.159647737.toshi@ruby.ocn.ne.jp> <845B3D92-A997-4872-AFBB-BCC23D96CD10@jnielsen.net> X-GPG-fingerprint: 34B3 0B6A 8520 F5B0 EBC7 69F6 C055 9F8A 0D49 F8FC X-Mailer: Mew version 6.2.51 on Emacs 22.3 / Mule 5.0 (SAKAKI) Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit Cc: freebsd-ipfw@freebsd.org X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 18 Feb 2014 15:20:26 -0000 In message: <845B3D92-A997-4872-AFBB-BCC23D96CD10@jnielsen.net> John Nielsen writes: > On Feb 14, 2014, at 8:34 PM, SAITOU Toshihide wrote: > >> I'm using FreeBSD as desktop and also using as nat gateway. >> After update from 9.2 to 10.0, some network problem occurs >> on this desktop machine's environment. >> >> - Sometimes email transmission failed with >> `stat=Deferred: 452', maybe when the size is large. >> >> - Firefox failed to post a form of web page on https. >> >> - Cadaver is no longer able to put file. >> >> But if I delete the following rule, the problem don't occur. >> >> 00050 352686 304039811 nat 123 ip4 from any to any via alc0 >> >> And the related rc.conf entry is here: >> >> firewall_enable="YES" >> firewall_type="open" >> firewall_quiet="NO" >> firewall_logging="YES" >> firewall_nat_enable="YES" >> firewall_nat_interface="alc0" >> >> Is there any clue? > > I saw a similar problem when using NAT on a TSO-enabled interface in FreeBSD 10. Try running "ifconfig alc0 -tso" and/or adding "-tso" to the ifconfig_alc0 entry in your /etc/rc.conf. See also the related entry in the BUGS section at the end of ipfw(8) man page. > > JN Wow! "ifconfig alc0 -tso" solves the problem. Thank you! -- SAITOU Toshihide