Kern/73129 and 5.3-STABLE
tad at vif.com
tad at vif.com
Tue Mar 1 18:07:57 PST 2005
> On Thu, Feb 10, 2005 at 11:27:35AM +0100, Andre Oppermann wrote:
> > > On Wed, Feb 09, 2005 at 09:48:18PM +0100, Andre Oppermann wrote:
> > > > The problem is with locally generated packets which go the wrong way.
> > > > This gets nasty when the box has to generate some path MTU discovery
> > > > ICMP message and such. What I implemented is the correct thing to do
> > > > and prevents foot-shooting. On the other hand it prevents people from
> > > > forwarding local ports and such. Both sides of the coin have merit
> > > > and there is no easy deciding between them or obvious right or wrong
> > > > choice.
[...]
> The code that is currently in the tree.
> -- Andre Oppermann
Sorry for bringing this again, I am still getting discrepancies with ipfw fwd.
Here is a my test:
ProxyHost# ipfw add 10 fwd DestinationHost icmp from SourceHost to any
SourceHost# ping Proxy_Host
** On 5.3 Stable (5.4-PRERELEASE #1: Sun Feb 27 20:31:49 EST 2005)
and 6.0 Current (6.0-CURRENT #8: Tue Mar 1 12:32:33 EST 2005)
I get replies from ProxyHost without any forwarding to DestinationHost
** On 4-x and 5.2.1 Fwd works and packets hit DestinationHost
-Talal
More information about the freebsd-net
mailing list