Message-ID: <4E8D860F.2030505@pcbtech.ru>
Date: Thu, 06 Oct 2011 14:42:23 +0400
From: Oleg Strizhak
To: "Andrey V. Elsukov"
Cc: freebsd-ipfw@FreeBSD.org, melifaro@FreeBSD.org
Subject: Re: ipfw nat drops icmp packets from localhost
In-Reply-To: <4E8D7728.6050608@FreeBSD.org>

Hello, Andrey V. Elsukov!

You wrote on 06.10.2011 at 13:38:

> On 06.10.2011 12:29, Oleg Strizhak wrote:
>> After an investigation I've found out a very strange situation - it seems to me, that ipfw nat drops
>> some (type 11?) icmp reply packets, whose udp request packets it hasn't rewritten/seen before, e.g:
>>
>> So, I wonder whether someone else has seen the same case under the similar circumstances? Isn't it a
>> bug within ipfw nat module and is there any work-around/patch for that? I've surely googled, but in
>> vain =( The only thing, that seems alike to my problem, is
>> http://www.freebsd.org/cgi/query-pr.cgi?pr=129093, but the patch for 8 branch didn't cure anything =(
>
> Can you describe how you did apply and test this patch?

in a usual way =)
Unfortunately, copy-pasted from the mentioned above page patch couldn't be applied w/ error:

> $ patch < ~/ip_fw_nat.patch
> Hmm... Looks like a unified diff to me...
> The text leading up to this was:
> --------------------------
> |--- stable/8/sys/netinet/ipfw/ip_fw_nat.c Thu Jul 7 08:33:58 2011 (r223834)
> |+++ stable/8/sys/netinet/ipfw/ip_fw_nat.c Thu Jul 7 09:29:11 2011 (r223835)
> --------------------------
> Patching file ip_fw_nat.c using Plan A...
> patch: **** malformed patch at line 4: else

the same results were obtained with combinations of -p5 -l and tail +2 ~/ip_fw_nat.patch options & commands

Finally, I modified the patch (which applies w/o a word =) a little bit w/o any difference to the original one:

> $ /usr/bin/diff -wBbu3 ~/ip_fw_nat.patch ~/ip_fw_nat.patch.my > --- /root/ip_fw_nat.patch 2011-10-04 14:08:32.000000000 +0400 > +++ /root/ip_fw_nat.patch.my 2011-10-04 14:29:53.000000000 +0400 > @@ -1,5 +1,5 @@ > ---- stable/8/sys/netinet/ipfw/ip_fw_nat.c Thu Jul 7 08:33:58 2011 (r223834) > -+++ stable/8/sys/netinet/ipfw/ip_fw_nat.c Thu Jul 7 09:29:11 2011 (r223835) > +--- ip_fw_nat.c.orig 2010-12-21 20:09:25.000000000 +0300 > ++++ ip_fw_nat.c 2011-10-04 14:27:02.000000000 +0400 > @@ -263,17 +263,27 @@ > else > retval = LibAliasOut(t->lib, c,

then I recompiled the kernel, rebooted server and.. all is just the same =(

WBR, Oleg
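Review bot: the comparison was run with -w, -B and -b, so every whitespace and blank-line difference between ~/ip_fw_nat.patch and ~/ip_fw_nat.patch.my is hidden, and the single `@@ -1,5 +1,5 @@` hunk can only show the two rewritten header lines. Since the original file failed with "malformed patch at line 4: else" and the edited one applies cleanly, the change that mattered is most likely whitespace on the context lines, which is exactly what these flags suppress. Rerun the comparison without -w, -B and -b to see what really changed, and before concluding that the fix has no effect, diff ip_fw_nat.c against ip_fw_nat.c.orig to confirm that the added lines of the `@@ -263,17 +263,27 @@` hunk are present in the source the kernel was built from.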