Date: Fri, 22 Sep 2000 12:51:43 +0300
From: Adrian Pavlykevych <pam@polynet.lviv.ua>
To: Bill Fumerola <billf@chimesnet.com>
Cc: stable@freebsd.org, luigi@labinfo.iet.unipi.it
Subject: Re: Strange behavior of ipfw "fwd" rule
Message-ID: <20000922125143.A1633@polynet.lviv.ua>
In-Reply-To: <20000921111100.I66839@jade.chc-chimes.com>; from billf@chimesnet.com on Thu, Sep 21, 2000 at 11:11:00AM -0400
References: <20000921180334.D10274@polynet.lviv.ua> <20000921111100.I66839@jade.chc-chimes.com>

On Thu, Sep 21, 2000 at 11:11:00AM -0400, Bill Fumerola wrote:
> On Thu, Sep 21, 2000 at 06:03:35PM +0300, Adrian Pavlykevych wrote:
>
> > I'm experiencing strange problem with "fwd" rules of ipfw
> >
> > When I configure ipfw with following rule:
> > "fwd 127.0.0.1,23 tcp from any to any"
> > to provide transparent proxy, first time the rule is triggered,
> > machine loses all IP connectivity.
>
> That's because you're telling ipfw to take EVERY tcp packet and cram
> it into that transparent proxy, which obviously isn't what you want.
>
> More likely you want something like
>
> fwd 127.0.0.1,8080 tcp from any to any 80

Well, that's what happens, when someone writes emails in frustration :-)

Of course I'm using rule like:
---------------------------
add 300 allow tcp from 192.168.0.14/32 to 192.168.0.0/16 via de0
add allow tcp from 192.168.0.0/16 to 192.168.0.14/32 via de0
add fwd 127.0.0.1,23 tcp from 0.0.0.0/0 to 0.0.0.0/0 23 via de0
add fwd 127.0.0.1,2221 tcp from 0.0.0.0/0 to 0.0.0.0/0 22 via de0
add fwd 127.0.0.1,21 tcp from 0.0.0.0/0 to 0.0.0.0/0 21 via de0
add fwd 127.0.0.1,110 tcp from 0.0.0.0/0 to 0.0.0.0/0 110 via de0
add fwd 127.0.0.1,6667 tcp from 0.0.0.0/0 to 0.0.0.0/0 6667 via de0
add fwd 127.0.0.1,6791 tcp from 0.0.0.0/0 to 0.0.0.0/0 6791 via de0
add fwd 127.0.0.1,2401 tcp from 0.0.0.0/0 to 0.0.0.0/0 2401 via de0
add fwd 127.0.0.1,5999 tcp from 0.0.0.0/0 to 0.0.0.0/0 5999 via de0
---------------------------

But the problem is real. Any hit on "fwd" rule and entire machine is cut off
_including_ ping (which shouldn't be affected by "tcp" rules, right?)

--
Adrian Pavlykevych                  email: <pam@polynet.lviv.ua>
System Administrator                phone/fax: +380 (322) 742041
State University "Lvivska Polytechnica"
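
The scoping point raised in the quoted reply (a "fwd" rule with no destination port takes every TCP packet) can be checked mechanically before a ruleset is loaded. The following is an added example, not part of the original message or of ipfw itself: the function name and the regular expression are assumptions, and it parses only the rule shapes that appear in this thread. It does not diagnose the loss of connectivity reported above.

```python
import re

# Assumed grammar, limited to the rule shapes quoted in this thread:
#   [add] [number] ACTION PROTO from SRC to DST [DPORT] [via IFACE]
RULE = re.compile(
    r"^(?:add\s+)?(?:(?P<num>\d+)\s+)?"
    r"(?:fwd\s+(?P<fwd_ip>[\d.]+)(?:,(?P<fwd_port>\d+))?|allow|deny)\s+"
    r"(?P<proto>\w+)\s+from\s+(?P<src>\S+)\s+to\s+(?P<dst>\S+)"
    r"(?:\s+(?P<dport>\d+(?:[,-]\d+)*))?(?:\s+via\s+(?P<iface>\S+))?\s*$"
)

# Rules copied from the thread: the first report, the suggested form,
# and three lines of the later ruleset.
SAMPLE = """\
fwd 127.0.0.1,23 tcp from any to any
fwd 127.0.0.1,8080 tcp from any to any 80
add 300 allow tcp from 192.168.0.14/32 to 192.168.0.0/16 via de0
add fwd 127.0.0.1,23 tcp from 0.0.0.0/0 to 0.0.0.0/0 23 via de0
add fwd 127.0.0.1,2221 tcp from 0.0.0.0/0 to 0.0.0.0/0 22 via de0
"""

def audit_fwd_rules(ruleset):
    """Return (line_no, fwd_target, dst_port, verdict) for every fwd rule.

    verdict is "BROAD" when the rule names no destination port (it then
    diverts all traffic of that protocol), "ok" otherwise, and "UNPARSED"
    for lines outside the assumed grammar so they are reviewed by hand.
    """
    findings = []
    for n, line in enumerate(ruleset.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = RULE.match(line)
        if m is None:
            findings.append((n, None, None, "UNPARSED"))
        elif m["fwd_ip"]:  # None for allow/deny rules, which are skipped
            target = m["fwd_ip"] + ("," + m["fwd_port"] if m["fwd_port"] else "")
            findings.append((n, target, m["dport"], "ok" if m["dport"] else "BROAD"))
    return findings

if __name__ == "__main__":
    for n, target, dport, verdict in audit_fwd_rules(SAMPLE):
        print(f"line {n}: fwd {target} dst-port={dport or '*'} -> {verdict}")
```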