Date: Mon, 15 Apr 2013 16:25:09 +1000 (EST)
From: Ian Smith
To: Michael Sierchio
Cc: Spil Oss, freebsd-ipfw@freebsd.org
Subject: Re: Problems with ipfw/natd and axe(4)
Message-ID: <20130415160625.K56386@sola.nimnet.asn.au>
References: <20130415015850.Y56386@sola.nimnet.asn.au>
List-Id: IPFW Technical Discussions

On Sun, 14 Apr 2013 10:34:06 -0700, Michael Sierchio wrote:
> On Sun, Apr 14, 2013 at 10:26 AM, Ian Smith wrote:
>
> > 'allow ip' aka 'allow all' doesn't usually take a port number, which
> > applies only to tcp and udp.
>
> It does in ipfw - in which case it means ( udp | tcp )

You're quite right, and my assumption that it would also permit icmp was
quite wrong, after a quick test.

Which appears to leave the bypassed divert not working with rx/txcsum
the only viable suspect. The ruleset is otherwise 'out of the box'.

Does anyone know whether this is an issue with libalias(3) generally -
in which case using nat instead of divert shouldn't help - or just with
natd in particular?

cheers, Ian