From owner-freebsd-ipfw@FreeBSD.ORG Sun Feb 12 12:47:56 2006
Date: Sun, 12 Feb 2006 12:47:55 GMT
From: Yar Tikhiy
Message-Id: <200602121247.k1CCltD7075466@freefall.freebsd.org>
To: hsn@netmag.cz, yar@FreeBSD.org, freebsd-ipfw@FreeBSD.org, oleg@FreeBSD.org
Subject: Re: kern/76971: [ipfw] ipfw antispoof incorrectly blocks broadcasts
List-Id: IPFW Technical Discussions

Synopsis: [ipfw] ipfw antispoof incorrectly blocks broadcasts

State-Changed-From-To: open->closed
State-Changed-By: yar
State-Changed-When: Sun Feb 12 12:46:00 UTC 2006
State-Changed-Why:
oleg@ has fixed this bug in all active branches. Thanks!

Responsible-Changed-From-To: freebsd-ipfw->oleg
Responsible-Changed-By: yar
Responsible-Changed-When: Sun Feb 12 12:46:00 UTC 2006
Responsible-Changed-Why:
oleg@ has fixed this bug in all active branches. Thanks!
http://www.freebsd.org/cgi/query-pr.cgi?pr=76971

From owner-freebsd-ipfw@FreeBSD.ORG Sun Feb 12 14:22:32 2006
Date: Sun, 12 Feb 2006 15:22:26 +0100
From: "Janne Rockstedt"
Message-ID: <00a701c62fdf$bfe75860$3401a8c0@PCCompaq>
Subject: ipnat tcp

Hi all!

My ipnat.rules:

map xl1 192.168.0.0/24 -> 0/32 portmap tcp/udp auto
map xl1 192.168.0.0/24 -> 0/32
map xl1 192.168.0.0/24 -> 0.0.0.0/32 proxy port 500 ipsec/udp
rdr xl1 0/32 port 2222 -> 192.168.0.52 port 2222

My: # ipnat -l

map xl1 192.168.0.0/24 -> 0.0.0.0/32 portmap tcp/udp auto
map xl1 192.168.0.0/24 -> 0.0.0.0/32
map xl1 192.168.0.0/24 -> 0.0.0.0/32 proxy port isakmp ipsec/udp
rdr xl1 0.0.0.0/32 port 2222 -> 192.168.0.52 port 2222 tcp

Why is the last row of ipnat -l showing TCP on port 2222?
I have not used tcp in my ipnat.rules on the port 2222.

//Jan

From owner-freebsd-ipfw@FreeBSD.ORG Mon Feb 13 09:07:13 2006
Date: Mon, 13 Feb 2006 11:07:01 +0200
From: Igor Popov
Organization: HOME
To: freebsd-ipfw@freebsd.org
Message-Id: <200602131107.01836.igorpopov@newmail.ru>
Subject: Feature request for PF

Hi, all!

PF doesn't have the ability to match on packet size and tcp/udp payload size.
Is it possible to add these features to PF, maybe only in FreeBSD's PF? Sometimes it is very useful.

From owner-freebsd-ipfw@FreeBSD.ORG Mon Feb 13 11:02:33 2006
Date: Mon, 13 Feb 2006 11:02:31 GMT
From: FreeBSD bugmaster
To: freebsd-ipfw@FreeBSD.org
Message-Id: <200602131102.k1DB2VHx067294@freefall.freebsd.org>
Subject: Current problem reports assigned to you

Current FreeBSD problem reports

Critical problems

Serious problems

S Submitted    Tracker     Resp.  Description
-------------------------------------------------------------------------------
o [2003/04/22] kern/51274  ipfw   [ipfw] [patch] ipfw2 create dynamic rules f
f [2003/04/24] kern/51341  ipfw   [ipfw] [patch] ipfw rule 'deny icmp from
o [2004/03/03] kern/63724  ipfw   [ipfw] IPFW2 Queues dont t work
o [2004/11/13] kern/73910  ipfw   [ipfw] serious bug on forwarding of packe
o [2004/11/19] kern/74104  ipfw   [ipfw] ipfw2/1 conflict not detected or r
o [2005/03/13] conf/78762  ipfw   [ipfw] [patch] /etc/rc.d/ipfw should exce
o [2005/05/11] bin/80913   ipfw   [patch] /sbin/ipfw2 silently discards MAC
o [2005/11/08] kern/88659  ipfw   [modules] ipfw and ip6fw do not work prop
o [2005/11/08] kern/88664  ipfw   [ipfw] ipfw stateful firewalling broken w

9 problems total.

Non-critical problems

S Submitted    Tracker     Resp.  Description
-------------------------------------------------------------------------------
a [2001/04/13] kern/26534  ipfw   [ipfw] Add an option to ipfw to log gid/u
o [2002/12/10] kern/46159  ipfw   [ipfw] [patch] ipfw dynamic rules lifetim
o [2003/02/11] kern/48172  ipfw   [ipfw] [patch] ipfw does not log size and
o [2003/03/10] kern/49086  ipfw   [ipfw] [patch] Make ipfw2 log to differen
o [2003/04/09] bin/50749   ipfw   [ipfw] [patch] ipfw2 incorrectly parses p
o [2003/08/26] kern/55984  ipfw   [ipfw] [patch] time based firewalling sup
o [2003/12/30] kern/60719  ipfw   [ipfw] Headerless fragments generate cryp
o [2004/08/03] kern/69963  ipfw   [ipfw] install_state warning about alread
o [2004/09/04] kern/71366  ipfw   [ipfw] "ipfw fwd" sometimes rewrites dest
o [2004/10/22] kern/72987  ipfw   [ipfw] ipfw/dummynet pipe/queue 'queue [B
o [2004/10/29] kern/73276  ipfw   [ipfw] [patch] ipfw2 vulnerability (parse
o [2005/03/13] bin/78785   ipfw   [ipfw] [patch] ipfw verbosity locks machi
o [2005/05/05] kern/80642  ipfw   [ipfw] [patch] ipfw small patch - new RUL
o [2005/06/28] kern/82724  ipfw   [ipfw] [patch] Add setnexthop and default
o [2005/10/05] kern/86957  ipfw   [ipfw] [patch] ipfw mac logging
o [2005/10/07] kern/87032  ipfw   [ipfw] [patch] ipfw ioctl interface imple
o [2006/01/03] bin/91245   ipfw   [patch] ipfw(8) sometimes treat ipv6 inpu
o [2006/01/16] kern/91847  ipfw   [ipfw] ipfw with vlanX as the device

18 problems total.

From owner-freebsd-ipfw@FreeBSD.ORG Mon Feb 13 18:35:16 2006
Date: Mon, 13 Feb 2006 16:36:17 -0200
From: Gilberto Villani Brito
To: freebsd-ipfw@freebsd.org
Message-ID: <20060213163617.79d2695c@giboia>
In-Reply-To: <00a701c62fdf$bfe75860$3401a8c0@PCCompaq>
References: <00a701c62fdf$bfe75860$3401a8c0@PCCompaq>
Subject: Re: ipnat tcp

In your rules, you didn't specify the protocol, so the default of ipnat is tcp.
For any rule using a port, you need to specify the protocol.
Gilberto

On Sun, 12 Feb 2006 15:22:26 +0100
"Janne Rockstedt" wrote:

> Hi all!
>
> My ipnat.rules:
> map xl1 192.168.0.0/24 -> 0/32 portmap tcp/udp auto
> map xl1 192.168.0.0/24 -> 0/32
> map xl1 192.168.0.0/24 -> 0.0.0.0/32 proxy port 500 ipsec/udp
> rdr xl1 0/32 port 2222 -> 192.168.0.52 port 2222
>
> My: # ipnat -l
> map xl1 192.168.0.0/24 -> 0.0.0.0/32 portmap tcp/udp auto
> map xl1 192.168.0.0/24 -> 0.0.0.0/32
> map xl1 192.168.0.0/24 -> 0.0.0.0/32 proxy port isakmp ipsec/udp
> rdr xl1 0.0.0.0/32 port 2222 -> 192.168.0.52 port 2222 tcp
>
> Why is the last row of ipnat -l showing TCP on port 2222?
> I have not used tcp in my ipnat.rules on the port 2222.
>
> //Jan

From owner-freebsd-ipfw@FreeBSD.ORG Tue Feb 14 07:04:25 2006
Date: Tue, 14 Feb 2006 07:04:24 GMT
From: Mark Linimon
Message-Id: <200602140704.k1E74O6k057882@freefall.freebsd.org>
To: linimon@FreeBSD.org, freebsd-bugs@FreeBSD.org, freebsd-ipfw@FreeBSD.org
Subject: Re: kern/93300: ipfw pipe lost packets

Synopsis: ipfw pipe lost packets

Responsible-Changed-From-To: freebsd-bugs->freebsd-ipfw
Responsible-Changed-By: linimon
Responsible-Changed-When: Tue Feb 14 07:04:13 UTC 2006
Responsible-Changed-Why:
Over to maintainer(s).

http://www.freebsd.org/cgi/query-pr.cgi?pr=93300

From owner-freebsd-ipfw@FreeBSD.ORG Wed Feb 15 22:50:57 2006
Date: Thu, 16 Feb 2006 11:50:47 +1300
From: Barry Murphy
To: freebsd-ipfw@freebsd.org
Message-id: <03de01c63282$430d24f0$5038c80a@clear.co.nz>
Subject: ipfw with fw.one_pass doesn't work when specifying interface

Hey guys,

I've found "/sbin/sysctl net.inet.ip.fw.one_pass=0" not to work on rules that have the "in via IF" specified.

Replicated:

ipfw add 00082 count log ip from 60.234.68.88/29 to any in via em1
ipfw add 00082 count log ip from any to 60.234.68.88/29 out via em1
ipfw add 01082 count log ip from 60.234.68.88/29 to any in via em1
ipfw add 01082 count log ip from any to 60.234.68.88/29 out via em1

Rule 82 picks up traffic but rule 1082 gets none.

It works fine if I use:

ipfw add 00082 count ip from any to 60.234.68.88/29 in
ipfw add 00082 count ip from 60.234.68.88/29 to any out
ipfw add 01082 count ip from any to 60.234.68.88/29 in
ipfw add 01082 count ip from 60.234.68.88/29 to any out

However I need to specify an interface (em1) as I'll be adding a FWD rule to a transparent proxy and want it to count the traffic to the proxy too.

Any ideas?

Cheers
Barry
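Returning to the "ipnat tcp" thread above: the listing from ipnat -l differs from ipnat.rules because ipnat fills in defaults that the file never spelled out, and the one that surprised Jan is the implicit tcp on an rdr rule that names a port. The following Python normaliser is an added example, not code from the thread or from IPFilter; it reproduces the three fill-ins visible in Jan's listing (0/32 to 0.0.0.0/32, port 500 to isakmp via a constructed one-entry stand-in for /etc/services, and the tcp default Gilberto describes) and flags any rdr rule that relies on that default so the protocol can be made explicit before the file is loaded. The function names and the SERVICE_NAMES table are assumptions of this example.

```python
import re

# Constructed sample: the ipnat.rules file posted in the thread.
SAMPLE_RULES = """\
map xl1 192.168.0.0/24 -> 0/32 portmap tcp/udp auto
map xl1 192.168.0.0/24 -> 0/32
map xl1 192.168.0.0/24 -> 0.0.0.0/32 proxy port 500 ipsec/udp
rdr xl1 0/32 port 2222 -> 192.168.0.52 port 2222
"""

# Constructed one-entry stand-in for the /etc/services lookup that makes
# ipnat -l print "port isakmp" where the rules file said "port 500".
SERVICE_NAMES = {"500": "isakmp"}

# Address/mask token, possibly in ipnat's short form ("0/32").
ADDR_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){0,3})/(\d{1,2})$")
# rdr rule with one port on each side and an optional trailing protocol word.
RDR_RE = re.compile(r"^rdr\s+\S+\s+\S+\s+port\s+\S+\s+->\s+\S+\s+port\s+\S+"
                    r"(?:\s+(?P<proto>\S+))?$")

def expand_addr(token):
    """Pad a short address ("0/32") to four octets, as ipnat -l prints it."""
    m = ADDR_RE.match(token)
    if not m:
        return token
    octets = m.group(1).split(".")
    octets += ["0"] * (4 - len(octets))
    return ".".join(octets) + "/" + m.group(2)

def normalize_rule(rule):
    """Return (rule as ipnat -l would list it, warning or None)."""
    words = [expand_addr(w) for w in rule.split()]
    for i, w in enumerate(words[:-1]):
        if w == "port" and words[i + 1] in SERVICE_NAMES:
            words[i + 1] = SERVICE_NAMES[words[i + 1]]
    listing = " ".join(words)
    warning = None
    m = RDR_RE.match(listing)
    if m and m.group("proto") is None:
        # Ports given but no protocol keyword: ipnat silently assumes tcp.
        listing += " tcp"
        warning = "rdr rule has no protocol keyword; ipnat defaults it to tcp"
    return listing, warning

def lint_rules(text):
    """Normalise every rule in an ipnat.rules text, skipping blanks and comments."""
    rules = [line for line in text.splitlines()
             if line.strip() and not line.lstrip().startswith("#")]
    return [normalize_rule(r) for r in rules]
```

lint_rules(SAMPLE_RULES) yields the four lines of Jan's ipnat -l listing, with a warning attached to the rdr line only; adding an explicit "udp" or "tcp" to that rule clears it.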