FreeBSD 8: ipfw fwd and pf route-to broken?
Max Laier
max at love2party.net
Mon Dec 7 19:40:58 UTC 2009

On Friday 04 December 2009 09:47:37 Lytochkin Boris wrote:
> It seems that FreeBSD 8 has ipfw fwd and pf's route-to malfunctioning:
> 1) ipfw fwd
> a) net.inet.ip.forwarding = 0
> Packets altered by fwd rule are silently dropped somewhere
> between ip_output() checking forward tag and bpf (tcpdump does not
> show these packets)
> b) net.inet.ip.forwarding = 1
> Packets altered by fwd rule are forwarded according to normal
> routing table (in my case they were forwarded to default gateway), not
> fwd statement
>
> 2) pf route-to
> Both values of net.inet.ip.forwarding replicate the 1b case.
>
> Sample configs
>
> 1) ipfw
> add 60 fwd 10.60.128.254 ip from 10.60.128.0/24 to any out
> add 65534 allow ip from any to any
>
> 2) pf
> scrub in all fragment reassemble
> pass in all flags S/SA keep state
> pass out quick route-to (em0 10.60.128.254) inet from 10.60.128.0/24
> to any flags S/SA keep state

I cannot reproduce this. My (cursory) test on an r197983 install suggests that
route-to is working as it should. Your rules are a bit strange and might
result in asymmetric states that can result in dropped tcp-sessions, but the
basic route-to is correct. Can you share more details about your setup:
netstat -rnfinet, pfctl -vvsr (after passing some traffic that was supposed to
hit the route-to rule) and how exactly your default gateway and the
alternative router are connected to your pf-box?
Thanks in advance.
--
Max