From owner-freebsd-ipfw@freebsd.org Sun May 10 21:01:11 2020
From: bugzilla-noreply@FreeBSD.org
To: ipfw@FreeBSD.org
Subject: Problem reports for ipfw@FreeBSD.org that need special attention
Date: Sun, 10 May 2020 21:01:10 +0000
Message-Id: <202005102101.04AL1AOu050150@kenobi.freebsd.org>
List-Id: IPFW Technical Discussions

To view an individual PR, use:
  https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=(Bug Id).

The following is a listing of current problems submitted by FreeBSD users,
which need special attention. These represent problem reports covering
all versions including experimental development code and obsolete releases.

Status      |    Bug Id | Description
------------+-----------+---------------------------------------------------
New         |    215875 | [ipfw] ipfw lookup tables do not support mbuf_tag
New         |    232764 | [ipfw] share/examples/ipfw/change_rules.sh: Suppo

2 problems total for which you should take action.

From owner-freebsd-ipfw@freebsd.org Wed May 13 21:57:33 2020
To: freebsd-ipfw@freebsd.org
From: Leander Schaefer
Subject: HAProxy - Transparent Binding
Organization: NetOcean GmbH
Message-ID: <03e53a4c-7afa-1d38-3b00-3a9519b62eda@NetOcean.de>
Date: Wed, 13 May 2020 23:57:19 +0200
List-Id: IPFW Technical Discussions

Hello,

I need to have transparent binding for my haproxy. Therefore I found a
tutorial for Linux:
https://www.haproxy.com/de/blog/howto-transparent-proxying-and-binding-with-haproxy-and-aloha-load-balancer/

Do you perhaps know the equivalent kernel options for FreeBSD:

- CONFIG_NETFILTER_TPROXY
- CONFIG_NETFILTER_XT_TARGET_TPROXY

or if there is even any change required in the kernel of the latest
FreeBSD 12.1-RELEASE to achieve the same goal?

# iptables rules:
iptables -t mangle -N DIVERT
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark 1
iptables -t mangle -A DIVERT -j ACCEPT

# IP route rules:
ip rule add fwmark 1 lookup 100
ip route add local 0.0.0.0/0 dev lo table 100

# HAProxy conf:
# Transparent binding can be configured like this:
[...]
frontend ft_application
  bind 1.1.1.1:80 transparent
[...]

# Transparent proxying can be configured like this:
[...]
backend bk_application
  source 0.0.0.0 usesrc clientip
[...]