Date:      Fri, 4 Dec 2009 11:47:37 +0300
From:      Lytochkin Boris <lytboris@gmail.com>
To:        freebsd-net@freebsd.org
Subject:   FreeBSD 8: ipfw fwd and pf route-to broken?
Message-ID:  <933fa9790912040047k64aa11a7s736688e7382725ad@mail.gmail.com>

Hi!

It seems that FreeBSD 8 has ipfw fwd and pf's route-to malfunctioning:
1) ipfw fwd
a) net.inet.ip.forwarding = 0
  Packets altered by fwd rule are silently dropped somewhere
between ip_output() checking forward tag and bpf (tcpdump does not
show these packets)
b) net.inet.ip.forwarding = 1
  Packets altered by fwd rule are forwarded according to normal
routing table (in my case they were forwarded to default gateway), not
fwd statement

2) pf route-to
Both values of net.inet.ip.forwarding replicate the 1b case.


Sample configs

1) ipfw
add 60 fwd 10.60.128.254 ip from 10.60.128.0/24 to any out
add 65534 allow ip from any to any

2) pf
scrub in all fragment reassemble
pass in all flags S/SA keep state
pass out quick route-to (em0 10.60.128.254) inet from 10.60.128.0/24 to any flags S/SA keep state

~>uname -a
FreeBSD thost 8.0-PRERELEASE FreeBSD 8.0-PRERELEASE #5: Wed Dec  2
13:43:48 MSK 2009     root@thost:/usr/obj/usr/src/sys/CSUP  amd64


--
Regards,
Boris Lytochkin


