Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 20 Sep 2004 02:38:59 +0900 (JST)
From:      Kazunori_Fujiwara <fujiwara@wide.ad.jp>
To:        FreeBSD-gnats-submit@FreeBSD.org
Subject:   kern/71910: ipfw forward does not work
Message-ID:  <20040920.023859.74753252.fujiwara@pyon.org>
Resent-Message-ID: <200409191740.i8JHeN0j046881@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help 

>Number:         71910
>Category:       kern
>Synopsis:       ipfw forward does not work
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Sep 19 17:40:23 GMT 2004
>Closed-Date:
>Last-Modified:
>Originator:     Kazunori_Fujiwara
>Release:        FreeBSD 5.3-BETA4 i386 and 6-CURRENT
>Organization:
JPRS/WIDE Project
>Environment:
System: FreeBSD f.pyon.org 5.3-BETA4 FreeBSD 5.3-BETA4 #5: Sat Sep 18 11:44:33 JST 2004 fujiwara@f.pyon.org:/usr/obj/usr/src/sys/SC5 i386
System: FreeBSD tree.private 6.0-CURRENT FreeBSD 6.0-CURRENT #8: Mon Sep 20 00:38:18 JST 2004 fujiwara@tree.private:/usr/src/sys/i386/compile/TREE i386

>Description:

  'ipfw fwd' don't forward packet for specified destination
when packet ip_src is the same machine's.

  I checked this on 5.3-BETA4 and 6-current

>How-To-Repeat:

  enable kernel option IPFIREWALL and IPFIREWALL_FORWARD

  ipfw add fwd remote ip from myaddr to any

>Fix:

Index: ip_output.c
===================================================================
RCS file: /FreeBSD-CVS/src/sys/netinet/ip_output.c,v
retrieving revision 1.225.2.3
diff -u -b -r1.225.2.3 ip_output.c
--- ip_output.c	15 Sep 2004 15:07:09 -0000	1.225.2.3
+++ ip_output.c	19 Sep 2004 15:51:42 -0000
@@ -713,7 +713,7 @@
 	/* Or forward to some other address? */
 	fwd_tag = m_tag_find(m, PACKET_TAG_IPFORWARD, NULL);
 	if (fwd_tag) {
-		if (!in_localip(ip->ip_src) && !in_localaddr(ip->ip_dst)) {
+		if (!in_localaddr(ip->ip_dst)) {
 			dst = (struct sockaddr_in *)&ro->ro_dst;
 			bcopy((fwd_tag+1), dst, sizeof(struct sockaddr_in));
 			m->m_flags |= M_SKIP_FIREWALL;
>Release-Note:
>Audit-Trail:
>Unformatted:

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040920.023859.74753252.fujiwara>