Date: Mon, 4 Feb 2002 15:25:19 +0200 From: Ruslan Ermilov <ru@freebsd.org> To: Mike Tancsa <mike@sentex.net> Cc: stable@freebsd.org, Warner Losh <imp@freebsd.org> Subject: Re: dropping 127.* on the floor Message-ID: <20020204152519.B58535@sunbay.com> In-Reply-To: <5.1.0.14.0.20020204080228.022ab9c0@192.168.0.12> References: <3C5DE578.4020409@gmx.net> <20020203152433.A5932-100000@voyager.straynet.com> <3C5DE578.4020409@gmx.net> <5.1.0.14.0.20020204080228.022ab9c0@192.168.0.12>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Feb 04, 2002 at 08:04:20AM -0500, Mike Tancsa wrote: > Hi, > Will this be backed out, or do you know of a work around to this > issue? > The ip_input() part in question was committed to RELENG_4 in revision 1.130.2.20 by a different committer, about a year ago. I think the original poster should fix his rulesets instead. I don't believe that transparent proxying (using the IPFIREWALL_FORWARD) was broken by this change, as it doesn't bind sockets to loopback addresses. > At 07:17 PM 2/3/2002 -0700, M. Warner Losh wrote: > >In message: <3C5DE578.4020409@gmx.net> > > Michael Nottebrock <michaelnottebrock@gmx.net> writes: > >: Greg Prosser wrote: > >: > >: > FWIW, my problem was a change in the ip stack. > >: > > >: > We now drop 127.* packets on the floor if they come in across an interface > >: > that is not lo0. Since ipnat redirect rules happen below the ip stack, > >: > packets which are rewritten by ipnat to use a 127.* address get dropped on > >: > the floor when they enter the stack. ipnat records the redirect as having > >: > worked, but the packet just disappears silently. This totally breaks > >: > my transparent proxy, as I forward the connections to 127.0.0.1 via ipnat. > >: > >: > >: Ugh. This probably means that transparent squid proxying will also break > >: and _that_ scares me (no touchy cvsup for my -STABLE box). You might > >: want to contact the committer about this. > > > >It is certainly looking like this change will be backed out. It is > >well intended, but breaks too many things. :-( > > > >Warner -- Ruslan Ermilov Sysadmin and DBA, ru@sunbay.com Sunbay Software AG, ru@FreeBSD.org FreeBSD committer, +380.652.512.251 Simferopol, Ukraine http://www.FreeBSD.org The Power To Serve http://www.oracle.com Enabling The Information Age To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020204152519.B58535>