[Bug 250434] ipfw: ipfw fwd broken in 12.2
bugzilla-noreply at freebsd.org
Sun Oct 18 13:06:12 UTC 2020
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=250434
Bug ID: 250434
Summary: ipfw: ipfw fwd broken in 12.2
Product: Base System
Version: CURRENT
Hardware: Any
OS: Any
Status: New
Severity: Affects Some People
Priority: ---
Component: kern
Assignee: bugs at FreeBSD.org
Reporter: brnrd at freebsd.org
After upgrading from 12.1-p8 amd64 to 12.2-RC2, I ran into a regression with
ipfw fwd.
My ipfw config has some fwd rules early in the ruleset to forward traffic to
service-jails.
> 00070 fwd 192.0.2.8 tcp from not 192.0.2.0/24 to 192.0.2.1 80,443
> 00071 fwd 192.0.2.2 tcp from not 192.0.2.0/24 to 192.0.2.1 25,587
> 00072 fwd 192.0.2.4 tcp from not 192.0.2.0/24 to 192.0.2.1 9001,9030
> 00073 fwd 192.0.2.11 ip from not 192.0.2.0/24 to 192.0.2.1 54321
> 00074 fwd 192.0.2.7 tcp from not me to 192.0.2.1,192.0.2.8 4242
> 00075 fwd 192.0.2.9 tcp from not 192.0.2.0/24 to 192.0.2.1 993,995
These are a work-around for the crappy Fritz!box router that can't handle
multiple IP-addresses on a single MAC.
After the 12.2 upgrade, this no longer worked. ipfw list output:
> 00070 fwd 192.0.2.8,28786 tcp from not 192.0.2.0/24 to 192.0.2.1 80,443
> 00071 fwd 192.0.2.2,28786 tcp from not 192.0.2.0/24 to 192.0.2.1 25,587
> 00072 fwd 192.0.2.4,28786 tcp from not 192.0.2.0/24 to 192.0.2.1 9001,9030
> 00073 fwd 192.0.2.11,28786 ip from not 192.0.2.0/24 to 192.0.2.1 54321
> 00074 fwd 192.0.2.7,28786 tcp from not me to 192.0.2.1,192.0.2.8 4242
> 00075 fwd 192.0.2.9,28786 tcp from not 192.0.2.0/24 to 192.0.2.1 993,995
tcpdump showed only SYN packets on the interface, nothing else.
The additional service-jail IP-addresses are also bound to the same interface
em0.
Please let me know how I can assist in solving this issue!