FreeBSD 8: ipfw fwd and pf route-to broken?

Julian Elischer julian at elischer.org
Sun Dec 6 05:54:45 UTC 2009


Lytochkin Boris wrote:
> Hi!
> 
> sbin/ipfw in RELENG_8 does not set sin_len in the fwd rule, so the sockaddr_in
> from ipfw is sucked into rtalloc1_fib() at last with zero length and
> is routed to lo0 instead of the correct interface.
> Returning sin_len into sbin/ipfw resolves the issue.
> 
> sin_len setting was removed in revision 1.146 by luigi.
> 
> What is the correct solution? Return sin_len setting into sbin/ipfw or
> something else?

poke luigi


> 
> On Fri, Dec 4, 2009 at 11:47 AM, Lytochkin Boris <lytboris at gmail.com> wrote:
>> Hi!
>>
>> It seems that FreeBSD 8 has ipfw fwd and pf's route-to malfunctioning:
>> 1) ipfw fwd
>> a) net.inet.ip.forwarding = 0
>>  Packets altered by fwd rule are silently dropped somewhere
>> between ip_output() checking forward tag and bpf (tcpdump does not
>> show these packets)
>> b) net.inet.ip.forwarding = 1
>>  Packets altered by fwd rule are forwarded according to normal
>> routing table (in my case they were forwarded to default gateway), not
>> fwd statement
>>
>> 2) pf route-to
>> Both values of net.inet.ip.forwarding replicate the 1b case.
>>
>>
>> Sample configs
>>
>> 1) ipfw
>> add 60 fwd 10.60.128.254 ip from 10.60.128.0/24 to any out
>> add 65534 allow ip from any to any
>>
>> 2) pf
>> scrub in all fragment reassemble
>> pass in all flags S/SA keep state
>> pass out quick route-to (em0 10.60.128.254) inet from 10.60.128.0/24
>> to any flags S/SA keep state
>>
>> ~>uname -a
>> FreeBSD thost 8.0-PRERELEASE FreeBSD 8.0-PRERELEASE #5: Wed Dec  2
>> 13:43:48 MSK 2009     root at thost:/usr/obj/usr/src/sys/CSUP  amd64
>>
>>
> --
> Regards,
> Boris Lytochkin
> _______________________________________________
> freebsd-net at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe at freebsd.org"
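
The zero sin_len condition reported in this thread, as an added example that is not part of the original messages and is not FreeBSD code: a hand-modelled BSD-layout sockaddr_in, a check for an unset length byte, and a simplified length-driven key comparison showing why a zero length cannot select the intended next hop. The struct, `MODEL_AF_INET`, `nexthop_init`, `nexthop_valid` and `key_matches` are hypothetical names, and the match is a model, not the kernel's routing lookup.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed stand-in for the BSD sockaddr_in layout (length byte first). */
struct bsd_sockaddr_in {
    uint8_t  sin_len;      /* size of the structure in bytes */
    uint8_t  sin_family;
    uint16_t sin_port;
    uint8_t  sin_addr[4];  /* IPv4 address, network byte order */
    uint8_t  sin_zero[8];
};
#define MODEL_AF_INET 2

/* Hypothetical helper: build the next hop of a fwd rule; set_len == 0
 * reproduces the reported behaviour of leaving sin_len at zero. */
void nexthop_init(struct bsd_sockaddr_in *sa, const uint8_t ip[4], int set_len)
{
    memset(sa, 0, sizeof(*sa));
    sa->sin_family = MODEL_AF_INET;
    memcpy(sa->sin_addr, ip, 4);
    if (set_len)
        sa->sin_len = (uint8_t)sizeof(*sa);
}

/* Hypothetical sanity check to run before handing the address to a lookup. */
int nexthop_valid(const struct bsd_sockaddr_in *sa)
{
    return sa->sin_len == sizeof(*sa) && sa->sin_family == MODEL_AF_INET;
}

/* Simplified length-driven match: only the address bytes covered by the
 * key's own length byte are compared, so a zero length compares nothing. */
int key_matches(const struct bsd_sockaddr_in *key, const uint8_t route[4])
{
    int n = (int)key->sin_len - (int)offsetof(struct bsd_sockaddr_in, sin_addr);
    n = n < 0 ? 0 : (n > 4 ? 4 : n);
    return memcmp(key->sin_addr, route, (size_t)n) == 0;
}

int main(void)
{
    const uint8_t gw[4] = {10, 60, 128, 254}, lo[4] = {127, 0, 0, 1};
    struct bsd_sockaddr_in bad, good;
    nexthop_init(&bad, gw, 0); nexthop_init(&good, gw, 1);
    return !(!nexthop_valid(&bad) && key_matches(&bad, lo) &&
             nexthop_valid(&good) && !key_matches(&good, lo));
}
```

In this model the key with the unset length "matches" 127.0.0.1 as readily as the configured gateway, because no address bytes are compared at all.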


