Date: Sun, 3 Feb 2002 21:35:53 -0500 (EST) From: Greg Prosser <greg@straynet.com> To: "M. Warner Losh" <imp@village.org> Cc: <michaelnottebrock@gmx.net>, <stable@FreeBSD.ORG> Subject: Re: dropping 127.* on the floor Message-ID: <20020203213338.V12914-100000@voyager.straynet.com> In-Reply-To: <20020203.191758.96919906.imp@village.org>
next in thread | previous in thread | raw e-mail | index | archive | help
I just tested myself with the squid way of doing things (ipfw instead of ipf), and it also affects that. Looks like transparent squid proxying is now hosed, fun. Point of note, it seems -RELEASE is not affected by this, which is a good sign. Should I send a private mail to the commiter, or is it being taken care of? -gnp on Sun, 3 Feb 2002, M. Warner Losh babbled .. ;; In message: <3C5DE578.4020409@gmx.net> ;; Michael Nottebrock <michaelnottebrock@gmx.net> writes: ;; : Greg Prosser wrote: ;; : ;; : > FWIW, my problem was a change in the ip stack. ;; : > ;; : > We now drop 127.* packets on the floor if they come in across an interface ;; : > that is not lo0. Since ipnat redirect rules happen below the ip stack, ;; : > packets which are rewritten by ipnat to use a 127.* address get dropped on ;; : > the floor when they enter the stack. ipnat records the redirect as having ;; : > worked, but the packet just disappears silently. This totally breaks ;; : > my transparent proxy, as I forward the connections to 127.0.0.1 via ipnat. ;; : ;; : ;; : Ugh. This probably means that transparent squid proxying will also break ;; : and _that_ scares me (no touchy cvsup for my -STABLE box). You might ;; : want to contact the committer about this. ;; ;; It is certainly looking like this change will be backed out. It is ;; well intended, but breaks too many things. :-( To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020203213338.V12914-100000>