Date:      Sat, 3 Mar 2001 18:11:58 -0800
From:      Don Lewis <Don.Lewis@tsc.tdk.com>
To:        Chris Johnson <cjohnson@palomine.net>, stable@FreeBSD.ORG
Subject:   Re: Did ipfw fwd just break?
Message-ID:  <200103040211.SAA24825@salsa.gv.tsc.tdk.com>
In-Reply-To: <20010303203733.A49750@palomine.net>
References:   <20010303203733.A49750@palomine.net>

On Mar 3,  8:37pm, Chris Johnson wrote:
} Subject: Did ipfw fwd just break?
} 
} For a long time I've been running a transparent SMTP proxy on my firewall,
} using this rule:
} 
} ipfw fwd 127.0.0.1 tcp from any to any 25 in recv fxp0
} 
} It's always worked just as I expected.
} 
} I updated my system today (the previous update was on February 12), and now,
} even though "ipfw show" indicates that the above rule is matching, the
} connection goes right through to its original destination (i.e. it's not
} forwarded to 127.0.0.1) just as if the rule weren't there. Just prior to
} rebooting the newly updated system, the SMTP connections were forwarded to
} 127.0.0.1, exactly according to plan.

I can believe that it got broken by some changes to ip_input.c in the
last few days that were intended to prevent outsiders from connecting
to sockets bound to the loopback interface or an interface on the
far side of the host that the administrator hoped were private.

If you have rev 1.130.2.17 of ip_input.c, you should be able to disable
this check by setting the sysctl variable net.inet.ip.check_interface to
0.
