Date:      Thu, 06 Oct 2011 14:42:23 +0400
From:      Oleg Strizhak <oleg@pcbtech.ru>
To:        "Andrey V. Elsukov" <ae@FreeBSD.org>
Cc:        freebsd-ipfw@FreeBSD.org, melifaro@FreeBSD.org
Subject:   Re: ipfw nat drops icmp packets from localhost
Message-ID:  <4E8D860F.2030505@pcbtech.ru>
In-Reply-To: <4E8D7728.6050608@FreeBSD.org>
References:  <4E8D6702.9070707@pcbtech.ru> <4E8D7728.6050608@FreeBSD.org>

Hello, Andrey V. Elsukov!

You wrote on 06.10.2011 at 13:38:

> On 06.10.2011 12:29, Oleg Strizhak wrote:
>> After an investigation I've found out a very strange situation - it seems to me, that ipfw nat drops
>> some (type 11?) icmp reply packets, whose udp request packets it hasn't rewritten/seen before, e.g:
>>
>> So, I wonder whether someone else has seen the same case under the similar circumstances? Isn't it a
>> bug within ipfw nat module and is there any work-around/patch for that? I've surely googled, but in
>> vain =( The only thing, that seems alike to my problem, is
>> http://www.freebsd.org/cgi/query-pr.cgi?pr=129093, but the patch for 8 branch didn't cure anything =(
>
> Can you describe how you did apply and test this patch?

In the usual way =) Unfortunately, the patch copy-pasted from the page
mentioned above couldn't be applied, failing with an error:

> $ patch < ~/ip_fw_nat.patch
> Hmm...  Looks like a unified diff to me...
> The text leading up to this was:
> --------------------------
> |--- stable/8/sys/netinet/ipfw/ip_fw_nat.c      Thu Jul 7 08:33:58 2011 (r223834)
> |+++ stable/8/sys/netinet/ipfw/ip_fw_nat.c      Thu Jul 7 09:29:11 2011 (r223835)
> --------------------------
> Patching file ip_fw_nat.c using Plan A...
> patch: **** malformed patch at line 4: else

The same results were obtained with combinations of the -p5 and -l options
and the tail +2 ~/ip_fw_nat.patch command.
Finally, I modified the patch a little bit (it now applies w/o a word =),
w/o any difference to the original one:

>  $ /usr/bin/diff -wBbu3 ~/ip_fw_nat.patch ~/ip_fw_nat.patch.my
> --- /root/ip_fw_nat.patch       2011-10-04 14:08:32.000000000 +0400
> +++ /root/ip_fw_nat.patch.my    2011-10-04 14:29:53.000000000 +0400
> @@ -1,5 +1,5 @@
> ---- stable/8/sys/netinet/ipfw/ip_fw_nat.c      Thu Jul 7 08:33:58 2011 (r223834)
> -+++ stable/8/sys/netinet/ipfw/ip_fw_nat.c      Thu Jul 7 09:29:11 2011 (r223835)
> +--- ip_fw_nat.c.orig   2010-12-21 20:09:25.000000000 +0300
> ++++ ip_fw_nat.c        2011-10-04 14:27:02.000000000 +0400
>  @@ -263,17 +263,27 @@
>  else
>  retval = LibAliasOut(t->lib, c,

Then I recompiled the kernel, rebooted the server and... all is just the same =(

WBR,
Oleg


