RELENG_5 ipfw problem
Oliver Brandmueller
ob at e-Gitt.NET
Fri Aug 27 07:13:57 PDT 2004
Hi.
On Fri, Aug 27, 2004 at 02:22:02PM +0200, Andre Oppermann wrote:
> Oliver Brandmueller wrote:
> >connection to port 25 is possible from a 192.168.25.x IP directly, but
> >if I enable this host on the load balancer, I do only see incoming
> >packets to port 25 on fxp0 but don't see any packets going back (on
> >neither fxp0 now em0 not even lo0). The forwarded packets simply
> >disappear.
>
> Please provide the ipfw line from dmesg as well. Then we can start to
> diagnose the problem.
champagne# dmesg | fgrep ipfw
ipfw2 initialized, divert disabled, rule-based forwarding disabled, default to deny, logging disabled
additional information can be found here:
http://the.addict.de/~ob/champagne/CHAMPAGNE (KERNCONF)
http://the.addict.de/~ob/champagne/dmesg.champagne (full dmesg)
http://the.addict.de/~ob/champagne/kldstat.champagne (loaded klds)
http://the.addict.de/~ob/champagne/make.conf.champagne (make.conf)
"rule-based forwarding disabled" seems to be the point here. But I still
don't understand a few things then:
- I did not not see any note about this change in UPDATING?
- While this option is disabled, why can the rule then be loaded and
matched? If I don't enable dummynet, I cannot even load a dummynet
rule.
- How to enable it?
I think at least there's a POLA problem.
- Oliver
--
| Oliver Brandmueller | Offenbacher Str. 1 | Germany D-14197 Berlin |
| Fon +49-172-3130856 | Fax +49-172-3145027 | WWW: http://the.addict.de/ |
| Ich bin das Internet. Sowahr ich Gott helfe. |
| Eine gewerbliche Nutzung aller enthaltenen Adressen ist nicht gestattet! |
More information about the freebsd-current
mailing list