kern/71910: ipfw forward does not work

Kazunori_Fujiwara fujiwara at
Sun Sep 19 10:40:24 PDT 2004

>Number:         71910
>Category:       kern
>Synopsis:       ipfw forward does not work
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Sep 19 17:40:23 GMT 2004
>Originator:     Kazunori_Fujiwara
>Release:        FreeBSD 5.3-BETA4 i386 and 6-CURRENT
System: FreeBSD 5.3-BETA4 FreeBSD 5.3-BETA4 #5: Sat Sep 18 11:44:33 JST 2004 fujiwara at i386
System: FreeBSD tree.private 6.0-CURRENT FreeBSD 6.0-CURRENT #8: Mon Sep 20 00:38:18 JST 2004 fujiwara at tree.private:/usr/src/sys/i386/compile/TREE i386


  'ipfw fwd' don't forward packet for specified destination
when packet ip_src is the same machine's.

  I checked this on 5.3-BETA4 and 6-current


  enable kernel option IPFIREWALL and IPFIREWALL_FORWARD

  ipfw add fwd remote ip from myaddr to any


Index: ip_output.c
RCS file: /FreeBSD-CVS/src/sys/netinet/ip_output.c,v
retrieving revision
diff -u -b -r1.225.2.3 ip_output.c
--- ip_output.c	15 Sep 2004 15:07:09 -0000
+++ ip_output.c	19 Sep 2004 15:51:42 -0000
@@ -713,7 +713,7 @@
 	/* Or forward to some other address? */
 	fwd_tag = m_tag_find(m, PACKET_TAG_IPFORWARD, NULL);
 	if (fwd_tag) {
-		if (!in_localip(ip->ip_src) && !in_localaddr(ip->ip_dst)) {
+		if (!in_localaddr(ip->ip_dst)) {
 			dst = (struct sockaddr_in *)&ro->ro_dst;
 			bcopy((fwd_tag+1), dst, sizeof(struct sockaddr_in));
 			m->m_flags |= M_SKIP_FIREWALL;

More information about the freebsd-bugs mailing list