IPFW2 verrevpath issue (IPv4 TCP, fresh kernel)

Matthias Andree matthias.andree at gmx.de
Tue Nov 25 17:26:22 PST 2003


On Tue, 25 Nov 2003, Sean Chittenden wrote:

> > Is my expectation wrong or is there a pertinent IPFW2 bug in a current
> > 5.2-BETA kernel?
> 
> You're alone in this, though cjc hasn't been able to reproduce this.
> Are you on a multi-homed system?  -sc

Sort of. I do have three xl(4) NICs in my system. xl0 and xl1 are
bridged via ng_bridge(*), IP 192.168.0.1 on one card, no IP on the
other; xl2 is the transport for tun0 (which is PPPoE in my case) and
doesn't have an IP either, so "multi-homed" might read "tun0 has an
address, xl0 has another and lo0 has a third one".

These xl* cards shouldn't matter for my problem; at the time I tested my
firewall setups, the networks were idle with no other hosts attached.


I noticed that very recently there was a bug fix that made the machine
pick the right outbound address again (which it didn't for some days or
weeks, haven't compiled kernels daily) - I wonder if it's related.
Unfortunately, I don't have a 5.1-RELEASE box here to test. Would 4.9
with IPFW2 option be sufficiently similar in IPFW2 matters that it's
worthwhile testing?



(*) I have a configuration where the bridge is to have the same IP from
    both xl0 and xl1. Traditional bridge code gets confused over ARP and
    coughs up the MACs it would need and "locks itself out",
    netgraph-bridge is fine however.


More information about the freebsd-current mailing list