From owner-freebsd-ipfw@FreeBSD.ORG Sun Apr 20 14:46:04 2008 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 1ABAE106566C for ; Sun, 20 Apr 2008 14:46:04 +0000 (UTC) (envelope-from phil@testequipmentconnection.org) Received: from mail.testequipmentconnection.net (mail.testequipmentconnection.net [65.169.170.194]) by mx1.freebsd.org (Postfix) with ESMTP id 0BEA68FC16 for ; Sun, 20 Apr 2008 14:45:59 +0000 (UTC) (envelope-from phil@testequipmentconnection.org) Received: from PhilTEC (unknown [65.161.131.154]) (Authenticated sender: phil@testequipmentconnection.net) by mail.testequipmentconnection.net (Postfix) with ESMTP id 98EE18A40A1 for ; Sun, 20 Apr 2008 09:09:24 -0400 (EDT) From: "Phil" To: freebsd-ipfw@freebsd.org MIME-Version: 1.0 Sender: Phil Date: Sun, 20 Apr 2008 09:07:18 -0500 X-Mailer: Eudora Message-Id: <20080420130924.98EE18A40A1@mail.testequipmentconnection.net> Content-Type: text/plain Content-Transfer-Encoding: 7bit X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Subject: Refurbished Wireless Test and Repair Values X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 20 Apr 2008 14:46:04 -0000 We Sell Worldwide Rentals and Leasing Available Renting or leasing test equipment is today’s answer. Renting test equipment allows you to acquire test equipment without the investment of ownership. Renting test equipment is an ideal solution for companies that need additional test equipment on short notice or need test equipment for short periods of time. Rent test equipment for special projects, replace failed equipment, or evaluate test equipment before purchasing and avoid long lead times. Test Equipment Connection is expanding its rental inventory and investing in the newest and most popular test equipment. Our inventory is growing and changes daily. We offer over 28,000 test instruments from over 250 manufacturers. When you rent test equipment, rental payments are treated as operating expenses and not part of your capital equipment budget. Call or Email for a Quote Today Rental Quote Request Tight Capital Budget? - No Problem! Check Out These High Quality Refurbished Equipment Specials and Maximize Your Budget. Anritsu MT8220A/40/41 Sale $8,995 Anritsu S331B Sale $3,995 Anritsu S332C Sale $6,895 Anritsu ML2437A Sale $3,995 Agilent E6380A Sale $3,500 Agilent E4436B/Options Sale $15,900 Agilent 8712ET/1EC Sale $9,800 IFR COM120B Sale $9,290 HP 4284A Sale $9,990 HP 8560EC Sale $23,000 HP 8720D with options On Sale Call R&S FSH3 On Sale Call Over 15 Years of Sales, Service and Selection Rohde & Schwarz SME03 Sale $5,490 IFR 2945A Sale 9,495 Anritsu S332C Sale $6,895 Anritsu S331C Sale $5,495 Anritsu S331A Sale $2,995 Agilent 8753ES Sale $22,000 Tektronix TVS645 Sale $2,750 Agilent 89431A Sale $6,890 Test Equipment Connection is Actively Purchasing De-installed, Excess, New-Surplus, Off-Lease and Underutilized Equipment. Click Here for a Cash Offer R&S FSH6.26/B1/Z3 Sale $19,190 JDSU SDA5000 Sale $6,990 JDSU FST2802 Sale $8,490 JDSU FST-2310 Equipped for DS1, DS3, OC-3, & OC-12 Call JDSU ANT-5 Equipped for STM-1/-4 On Sale Call Tektronix TDS3032 Sale $3,000 Tektronix TDS3034 Sale $3,895 Tektronix TDS3054B Sale $8,490 HP 8561E Sale $11,980 Marconi 2031 Sale $3,895 Agilent E4436B w/options On Sale Call HP 8720ES/10/12/400 Sale $55,000 HP 54540C Sale $2,495 HP 8648C/1E6 Sale $7,290 Our technicians are fully trained and have extensive calibration and repair expertise on the widest variety of makes & models. We provide high quality repair and calibration services at competitive prices with responsive turn around times for evaluation, repair and calibration. N.I.S.T. traceable certificates in accordance with MIL-STD 45662A and ANSI/NSCL 540-1 can be provided with all repairs. In addition, ISO 9001-2000 UL registered calibrations and ISO/IEC 17025 calibrations accredited by A2LA are available for select items. No Capital Budget? - No Problem! We Repair and Calibrate So You Can Utilize The Equipment You Already Have. Free Evaluation Coupon Below! Click Here to View This Page on the Internet Toll Free USA & Canada 800-615-8378 Direct Worldwide 407-804-1184 email phil@testequipmentconnection.org 30 Skyline Drive Lake Mary, FL 32746 This email is sent in accordance with the US CAN-SPAM Act. *Removal* requests* can be sent to this address and will be honored and respected If you want to dis-continue this mailing click on the following email address or respond with *un-subscribe* in the subject line to: phil@testequipmentconnection.org From owner-freebsd-ipfw@FreeBSD.ORG Mon Apr 21 07:20:05 2008 Return-Path: Delivered-To: freebsd-ipfw@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 0DAA61065673 for ; Mon, 21 Apr 2008 07:20:05 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id E65028FC21 for ; Mon, 21 Apr 2008 07:20:04 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.2/8.14.2) with ESMTP id m3L7K4FZ078297 for ; Mon, 21 Apr 2008 07:20:04 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.2/8.14.1/Submit) id m3L7K4Zd078296; Mon, 21 Apr 2008 07:20:04 GMT (envelope-from gnats) Date: Mon, 21 Apr 2008 07:20:04 GMT Message-Id: <200804210720.m3L7K4Zd078296@freefall.freebsd.org> To: freebsd-ipfw@FreeBSD.org From: "Stephen E. Halpin" Cc: Subject: Re: bin/104921: [patch] ipfw(8) sometimes treats ipv6 input as ipv4 (another variation on PR 91245) X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: "Stephen E. Halpin" List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 21 Apr 2008 07:20:05 -0000 The following reply was made to PR bin/104921; it has been noted by GNATS. From: "Stephen E. Halpin" To: bug-followup@FreeBSD.org, seh-k3t3z4@mail.quadrizen.com Cc: Subject: Re: bin/104921: [patch] ipfw(8) sometimes treats ipv6 input as ipv4 (another variation on PR 91245) Date: Mon, 21 Apr 2008 03:14:22 -0400 (Note updated e-mail address...) The same problem exists in FreeBSD 6.3, and essentially the same set of diffs work: *** ipfw2.c.orig Sun Oct 14 04:58:01 2007 --- ipfw2.c Sun Jan 20 12:35:46 2008 *************** *** 3816,3822 **** if ((host = strdup(av)) == NULL) return NULL; ! if ((ch = strrchr(host, '/')) != NULL) *ch = '\0'; if (proto == IPPROTO_IPV6 || strcmp(av, "me6") == 0 || --- 3816,3822 ---- if ((host = strdup(av)) == NULL) return NULL; ! if ((ch = strpbrk(host, "/,")) != NULL) *ch = '\0'; if (proto == IPPROTO_IPV6 || strcmp(av, "me6") == 0 || *************** *** 3842,3848 **** if ((host = strdup(av)) == NULL) return NULL; ! if ((ch = strrchr(host, '/')) != NULL) *ch = '\0'; if (proto == IPPROTO_IPV6 || strcmp(av, "me6") == 0 || --- 3842,3848 ---- if ((host = strdup(av)) == NULL) return NULL; ! if ((ch = strpbrk(host, "/,")) != NULL) *ch = '\0'; if (proto == IPPROTO_IPV6 || strcmp(av, "me6") == 0 || -Steve From owner-freebsd-ipfw@FreeBSD.ORG Mon Apr 21 08:27:40 2008 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 396C41065727 for ; Mon, 21 Apr 2008 08:27:40 +0000 (UTC) (envelope-from fam@solacetel.com) Received: from ns1.sky.net.pk (mx1.sky.net.pk [203.175.64.8]) by mx1.freebsd.org (Postfix) with ESMTP id 410A38FC19 for ; Mon, 21 Apr 2008 08:27:38 +0000 (UTC) (envelope-from fam@solacetel.com) Received: from solace638d593b (fam.sky.net.pk [203.175.64.65]) by ns1.sky.net.pk (8.13.5/8.13.5) with ESMTP id m3L6rgGG026013 for ; Mon, 21 Apr 2008 12:53:46 +0600 Message-Id: <200804210653.m3L6rgGG026013@ns1.sky.net.pk> From: "Fazal Ahmed Malik" To: Date: Mon, 21 Apr 2008 12:49:54 +0500 MIME-Version: 1.0 X-Mailer: Microsoft Office Outlook, Build 11.0.5510 Thread-Index: AcijhD8ZD5Zy4thSTS2tt4tyadhcpw== X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 Content-Type: text/plain; charset="windows-1250" Content-Transfer-Encoding: 7bit X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Subject: web server behind nat IPFW firewall X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 21 Apr 2008 08:27:40 -0000 Hi, I need help for setting up web server behind IPFW firewall. I have Freebsd 6.0 working as router on LAN with transparent squid. Now I want to setup web server to be running on private IP please help me in writing IPFW rules to serve the purpose. Current IPFW rules are as under, $fwcmd add divert natd all from any to any via vr0 $fwcmd add fwd $external_ip,8080 tcp from not me to any 80 #$fwcmd add fwd $internal_ip log tcp from any to me dst-port 80 in via vr0 #$fwcmd add fwd $internal_ip tcp from any to me dst-port 80 out via re0 $fwcmd add allow log tcp from any to any in tcpflags syn,fin $fwcmd add check-state $fwcmd add allow tcp from any to any out keep-state $fwcmd add allow tcp from any to any via vr0 established $fwcmd add allow tcp from any to any 21 setup $fwcmd add allow tcp from any to any 22 setup $fwcmd add allow tcp from any to any 23 setup $fwcmd add allow tcp from any to any 43 setup $fwcmd add allow tcp from any to me 80 setup $fwcmd add allow tcp from any to any 110 setup $fwcmd add allow tcp from any to any 143 setup $fwcmd add allow tcp from any to any 443 setup $fwcmd add allow tcp from any to any 789 setup $fwcmd add reset log tcp from any to any 113 in recv vr0 $fwcmd add allow udp from any to any 53 out xmit vr0 $fwcmd add allow udp from any 53 to any in recv vr0 $fwcmd add 03000 allow icmp from me to any $fwcmd add 04000 allow icmp from any to any Thanks, Fazal No virus found in this outgoing message. Checked by AVG. Version: 7.5.524 / Virus Database: 269.23.2/1388 - Release Date: 4/20/2008 3:01 PM From owner-freebsd-ipfw@FreeBSD.ORG Mon Apr 21 11:06:50 2008 Return-Path: Delivered-To: freebsd-ipfw@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 1FBFF106566C for ; Mon, 21 Apr 2008 11:06:50 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 0E85E8FC2A for ; Mon, 21 Apr 2008 11:06:50 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.2/8.14.2) with ESMTP id m3LB6nkK095189 for ; Mon, 21 Apr 2008 11:06:49 GMT (envelope-from owner-bugmaster@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.2/8.14.1/Submit) id m3LB6nLf095185 for freebsd-ipfw@FreeBSD.org; Mon, 21 Apr 2008 11:06:49 GMT (envelope-from owner-bugmaster@FreeBSD.org) Date: Mon, 21 Apr 2008 11:06:49 GMT Message-Id: <200804211106.m3LB6nLf095185@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: gnats set sender to owner-bugmaster@FreeBSD.org using -f From: FreeBSD bugmaster To: freebsd-ipfw@FreeBSD.org Cc: Subject: Current problem reports assigned to freebsd-ipfw@FreeBSD.org X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 21 Apr 2008 11:06:50 -0000 Current FreeBSD problem reports Critical problems Serious problems S Tracker Resp. Description -------------------------------------------------------------------------------- o kern/51274 ipfw [ipfw] [patch] ipfw2 create dynamic rules with parent o kern/73910 ipfw [ipfw] serious bug on forwarding of packets after NAT o kern/74104 ipfw [ipfw] ipfw2/1 conflict not detected or reported, manp o kern/88659 ipfw [modules] ipfw and ip6fw do not work properly as modul o kern/93300 ipfw [ipfw] ipfw pipe lost packets o kern/95084 ipfw [ipfw] [patch] IPFW2 ignores "recv/xmit/via any" (IPFW o kern/97504 ipfw [ipfw] IPFW Rules bug o kern/97951 ipfw [ipfw] [patch] ipfw does not tie interface details to o kern/98831 ipfw [ipfw] ipfw has UDP hickups o kern/102471 ipfw [ipfw] [patch] add tos and dscp support o kern/103454 ipfw [ipfw] [patch] [request] add a facility to modify DF b o kern/106534 ipfw [ipfw] [panic] ipfw + dummynet o kern/112708 ipfw [ipfw] ipfw is seems to be broken to limit number of c o kern/117234 ipfw [ipfw] [patch] ipfw send_pkt() and ipfw_tick() don't s o kern/118993 ipfw [ipfw] page fault - probably it's a locking problem o kern/121955 ipfw [ipfw] [panic] freebsd 7.0 panic with mpd 16 problems total. Non-critical problems S Tracker Resp. Description -------------------------------------------------------------------------------- a kern/26534 ipfw [ipfw] Add an option to ipfw to log gid/uid of who cau o kern/46159 ipfw [ipfw] [patch] [request] ipfw dynamic rules lifetime f o kern/48172 ipfw [ipfw] [patch] ipfw does not log size and flags o kern/55984 ipfw [ipfw] [patch] time based firewalling support for ipfw o kern/60719 ipfw [ipfw] Headerless fragments generate cryptic error mes o kern/69963 ipfw [ipfw] install_state warning about already existing en o kern/71366 ipfw [ipfw] "ipfw fwd" sometimes rewrites destination mac a o kern/72987 ipfw [ipfw] ipfw/dummynet pipe/queue 'queue [BYTES]KBytes ( o bin/78785 ipfw [ipfw] [patch] ipfw verbosity locks machine if /etc/rc s kern/80642 ipfw [ipfw] [patch] ipfw small patch - new RULE OPTION o kern/82724 ipfw [ipfw] [patch] [request] Add setnexthop and defaultrou o kern/86957 ipfw [ipfw] [patch] ipfw mac logging o kern/87032 ipfw [ipfw] [patch] ipfw ioctl interface implementation o kern/91847 ipfw [ipfw] ipfw with vlanX as the device o kern/103328 ipfw [ipfw] [request] sugestions about ipfw table o kern/104682 ipfw [ipfw] [patch] Some minor language consistency fixes a o bin/104921 ipfw [patch] ipfw(8) sometimes treats ipv6 input as ipv4 (a o kern/105330 ipfw [ipfw] [patch] ipfw (dummynet) does not allow to set q o kern/107305 ipfw [ipfw] ipfw fwd doesn't seem to work o kern/111713 ipfw [dummynet] [request] Too few dummynet queue slots o kern/112561 ipfw [ipfw] ipfw fwd does not work with some TCP packets p kern/113388 ipfw [ipfw][patch] Addition actions with rules within speci o docs/113803 ipfw [patch] ipfw(8) - don't get bitten by the fwd rule o bin/115172 ipfw [patch] ipfw(8) list show some rules with a wrong form p kern/115755 ipfw [ipfw][patch] unify message and add a rule number wher o kern/116009 ipfw [ipfw] [patch] Ignore errors when loading ruleset from o kern/121122 ipfw [ipfw] [patch] add support to ToS IP PRECEDENCE fields o kern/121382 ipfw [dummynet]: 6.3-RELEASE-p1 page fault in dummynet (cor s kern/121807 ipfw [request] TCP and UDP port_table in ipfw 29 problems total. From owner-freebsd-ipfw@FreeBSD.ORG Tue Apr 22 02:15:43 2008 Return-Path: Delivered-To: freebsd-ipfw@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id CB8A7106564A; Tue, 22 Apr 2008 02:15:43 +0000 (UTC) (envelope-from linimon@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id AEE958FC1C; Tue, 22 Apr 2008 02:15:43 +0000 (UTC) (envelope-from linimon@FreeBSD.org) Received: from freefall.freebsd.org (linimon@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.2/8.14.2) with ESMTP id m3M2FhSC072556; Tue, 22 Apr 2008 02:15:43 GMT (envelope-from linimon@freefall.freebsd.org) Received: (from linimon@localhost) by freefall.freebsd.org (8.14.2/8.14.1/Submit) id m3M2Fh53072552; Tue, 22 Apr 2008 02:15:43 GMT (envelope-from linimon) Date: Tue, 22 Apr 2008 02:15:43 GMT Message-Id: <200804220215.m3M2Fh53072552@freefall.freebsd.org> To: linimon@FreeBSD.org, freebsd-bugs@FreeBSD.org, freebsd-ipfw@FreeBSD.org From: linimon@FreeBSD.org Cc: Subject: Re: kern/122963: [ipfw] tcpdump does not show packets redirected by 'ipfw fwd' on proper interface X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 22 Apr 2008 02:15:43 -0000 Old Synopsis: tcpdump does not show packets redirected by 'ipfw fwd' on proper interface New Synopsis: [ipfw] tcpdump does not show packets redirected by 'ipfw fwd' on proper interface Responsible-Changed-From-To: freebsd-bugs->freebsd-ipfw Responsible-Changed-By: linimon Responsible-Changed-When: Tue Apr 22 02:14:45 UTC 2008 Responsible-Changed-Why: Over to maintainer(s). http://www.freebsd.org/cgi/query-pr.cgi?pr=122963 From owner-freebsd-ipfw@FreeBSD.ORG Fri Apr 25 10:24:05 2008 Return-Path: Delivered-To: freebsd-ipfw@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 800691065674; Fri, 25 Apr 2008 10:24:05 +0000 (UTC) (envelope-from oleg@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 424178FC0C; Fri, 25 Apr 2008 10:24:05 +0000 (UTC) (envelope-from oleg@FreeBSD.org) Received: from freefall.freebsd.org (oleg@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.2/8.14.2) with ESMTP id m3PAO5qD033678; Fri, 25 Apr 2008 10:24:05 GMT (envelope-from oleg@freefall.freebsd.org) Received: (from oleg@localhost) by freefall.freebsd.org (8.14.2/8.14.1/Submit) id m3PAO52A033674; Fri, 25 Apr 2008 10:24:05 GMT (envelope-from oleg) Date: Fri, 25 Apr 2008 10:24:05 GMT Message-Id: <200804251024.m3PAO52A033674@freefall.freebsd.org> To: shulikov@gmail.com, oleg@FreeBSD.org, freebsd-ipfw@FreeBSD.org, oleg@FreeBSD.org From: oleg@FreeBSD.org Cc: Subject: Re: kern/121955: [ipfw] [panic] freebsd 7.0 panic with mpd X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 25 Apr 2008 10:24:05 -0000 Synopsis: [ipfw] [panic] freebsd 7.0 panic with mpd State-Changed-From-To: open->patched State-Changed-By: oleg State-Changed-When: Fri Apr 25 10:20:48 UTC 2008 State-Changed-Why: In private discussion PR author confirms that suggested patch did help. Responsible-Changed-From-To: freebsd-ipfw->oleg Responsible-Changed-By: oleg Responsible-Changed-When: Fri Apr 25 10:20:48 UTC 2008 Responsible-Changed-Why: see above. http://www.freebsd.org/cgi/query-pr.cgi?pr=121955