Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 25 May 2016 14:03:32 -0400
From:      Adonis Peralta <>
Subject:   ipfw fwd sends to port but also through gateway
Message-ID:  <>

Next in thread | Raw E-Mail | Index | Archive | Help
Hi all,

I am noticing something weird in regards to ipfw forwarding when I am =
attempting to set up squid web proxying.=20

Here is the info:

ipfw rule: ipfw -q add fwd,8080 tcp from ={1-5,7-254} to any dst-port 80 in via igb0 //I exclude the =
servers ip here to prevent a loop
Squid Proxy: running on localhost ( port 8080.
Freebsd box ip:
Router box:

Essentially when any ip (not my freebsd ip) makes a request to port 80 =
my router will route that ip using policy based routing to my freebsd =
box. Then the ipfw fwd rule above sends that traffic over to my squid =
proxy port. This is working fine and the fwd rule above does definitely =
However the issue Im seeing is that ipfw fwd not only sends the packet =
out to the squid proxy but ALSO sends it out to the original destination =
causing all sorts of issues for my client because it messes up the tcp =

To be more clear what I see is when client makes a request =
on port 80=E2=80=A6 my freebsd box receives it.. then forwards it to =
squid but also sends it out to the original destination so for every =
packet coming to port 80 i see two going out..

To debug this problem a bit further I stopped squid, and setup "nc -l =
8080" to catch incoming requests via the fwd.

Doing a tcpdump I see: > Flags [S], cksum =
0x9385 (correct), seq 1939422713, win 65535, options [mss =
1460,nop,wscale 5,nop,nop,TS val 1149232947 ecr 0,sackOK,eol], length 0
13:14:16.209753 IP (tos 0x0, ttl 64, id 10951, offset 0, flags [DF], =
proto TCP (6), length 60) > Flags [S.], =
cksum 0xe4da (incorrect -> 0x8343), seq 3934654233, ack 1939422714, win =
65535, options [mss 1460,nop,wscale 6,sackOK,TS val 1794161828 ecr =
1149232947], length 0

Netcat catches the HTTP Get request (i can see it in netcats console).. =
but the above tcpdump definitely tells me that the request was also sent =
to to aws itself this is implied by the fact that aws responded back to =
original ip (

When I have squid running I see the same thing in the above tcpdump but =
also communication between my freebsd box ip and the =
requested http site.

 Why is this happening? Is this a bug?


Want to link to this message? Use this URL: <>