From: Julian Elischer
Date: Sat, 05 Dec 2009 21:54:48 -0800
To: Lytochkin Boris
Cc: freebsd-net@freebsd.org, Gleb Smirnoff
Subject: Re: FreeBSD 8: ipfw fwd and pf route-to broken?
Message-ID: <4B1B4728.2050308@elischer.org>

Lytochkin Boris wrote:
> Hi!
>
> sbin/ipfw in RELENG_8 does not set sin_len in fwd rule, so sockaddr_in
> from ipfw is sucked into rtalloc1_fib() at last with zero length and
> is routed to lo0 instead of correct interface.
> Returning sin_len into sbin/ipfw resolves issue.
>
> sin_len setting was removed in revision 1.146 by luigi.
>
> What is correct solution? Return sin_len setting into sbin/ipfw or
> something else?

poke luigi

>
> On Fri, Dec 4, 2009 at 11:47 AM, Lytochkin Boris wrote:
>> Hi!
>>
>> It seems that FreeBSD 8 has ipfw fwd and pf's route-to malfunctioning:
>> 1) ipfw fwd
>>    a) net.inet.ip.forwarding = 0
>>       Packets altered by fwd rule are silently dropped somewhere
>> between ip_output() checking forward tag and bpf (tcpdump does not
>> show these packets)
>>    b) net.inet.ip.forwarding = 1
>>       Packets altered by fwd rule are forwarded according to normal
>> routing table (in my case they were forwarded to default gateway), not
>> fwd statement
>>
>> 2) pf route-to
>>    Both values of net.inet.ip.forwarding replicate 1b case.
>>
>>
>> Sample configs
>>
>> 1) ipfw
>> add 60 fwd 10.60.128.254 ip from 10.60.128.0/24 to any out
>> add 65534 allow ip from any to any
>>
>> 2) pf
>> scrub in all fragment reassemble
>> pass in all flags S/SA keep state
>> pass out quick route-to (em0 10.60.128.254) inet from 10.60.128.0/24
>> to any flags S/SA keep state
>>
>> ~>uname -a
>> FreeBSD thost 8.0-PRERELEASE FreeBSD 8.0-PRERELEASE #5: Wed Dec 2
>> 13:43:48 MSK 2009 root@thost:/usr/obj/usr/src/sys/CSUP amd64
>>
>>
> --
> Regards,
> Boris Lytochkin
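
The failure mode reported in the quoted message (a fwd next-hop sockaddr_in that reaches the route lookup with sin_len left at zero), as an added example that is not part of the original thread and is not FreeBSD code. `bsd_sockaddr_in`, `toy_table`, `make_fwd_addr`, `fwd_addr_valid` and `toy_lookup` are hypothetical names; the lookup is a simplified model that assumes only the bytes covered by sin_len are compared, and which entry wins in the broken case is an artifact of the constructed table.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* BSD-layout sockaddr_in, redeclared so the example builds on systems without sin_len. */
struct bsd_sockaddr_in {
    uint8_t  sin_len;     /* length of the whole structure, in bytes */
    uint8_t  sin_family;
    uint16_t sin_port;
    uint8_t  sin_addr[4]; /* network byte order */
    uint8_t  sin_zero[8];
};
struct toy_route { uint8_t net[4]; size_t nbytes; const char *ifname; };

/* Constructed table; the order is arbitrary and only matters in the broken case. */
static const struct toy_route toy_table[] = {
    { {127, 0, 0, 0},   1, "lo0" },
    { {10, 60, 128, 0}, 3, "em0" },
};

/* Build the next-hop address of a fwd rule, with or without filling in sin_len. */
struct bsd_sockaddr_in make_fwd_addr(const uint8_t ip[4], int set_len)
{
    struct bsd_sockaddr_in sa = {0};
    sa.sin_family = 2;                              /* AF_INET */
    memcpy(sa.sin_addr, ip, 4);
    sa.sin_len = set_len ? (uint8_t)sizeof(sa) : 0;
    return sa;
}

/* Consumer-side check: refuse a sockaddr whose length field is not the expected size. */
int fwd_addr_valid(const struct bsd_sockaddr_in *sa)
{
    return sa->sin_family == 2 && sa->sin_len == sizeof(*sa);
}

/* Toy length-driven lookup: compares only the address bytes that sin_len covers. */
const char *toy_lookup(const struct bsd_sockaddr_in *sa)
{
    size_t off = offsetof(struct bsd_sockaddr_in, sin_addr);
    size_t have = sa->sin_len > off ? sa->sin_len - off : 0;
    for (size_t i = 0; i < sizeof(toy_table) / sizeof(toy_table[0]); i++) {
        size_t n = toy_table[i].nbytes < have ? toy_table[i].nbytes : have;
        if (memcmp(sa->sin_addr, toy_table[i].net, n) == 0)
            return toy_table[i].ifname;             /* n == 0 matches any entry */
    }
    return NULL;
}
```

With sin_len set, 10.60.128.254 resolves to the em0 entry; with sin_len zero the address bytes are never compared, so the result no longer depends on the next hop, and `fwd_addr_valid` is the check that catches it before the lookup.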