RELENG_5 ipfw problem
andre at freebsd.org
Mon Sep 13 12:37:16 PDT 2004
Oliver Brandmueller wrote:
> On Fri, Aug 27, 2004 at 05:28:07PM +0200, Andre Oppermann wrote:
>>It detects a missing dummynet because it has to pass on configuration
>>options to dummynet and it can only do that if dummynet is loaded. For
>>FORWARD this is not the case. Here the ipfw code just tags the packet
>>for later treatment. And that later treatment is scattered through a
>>few places where we have to inspect each packet it carries this tag.
>>>- How to enable it?
>>Put "option IPFIREWALL_FORWARD" into your kernel configuration file and
> I do now have IPFIREWALL and IPFIREWALL_FORWARD in the kernel and am not
> loading it as a module anymore. The dmesg now states:
> ipfw2 initialized, divert disabled, rule-based forwarding enabled, default to deny, logging disabled
> OK, fine. But do still have a problem:
> The rule is loaded an matched. Instead of just dropping the packet (as
> before, when rule based forwarding was disabled) the pakets are now
> accepted, but the forwarding does not work:
> 00200 fwd 192.168.25.1 tcp from 192.168.25.5 25 to 213.XXX.XXX.0/24
> Is still see this on em0 (the public interface in the destination
> network metioned in rule 200):
> 12:26:09.674295 IP 192.168.25.5.smtp > 213.XXX.XXX.XXX.41424: S
> 3583621218:3583621218(0) ack 3993419222 win 65535 <mss 1460>
> # ipfw show
> 00200 2694 118536 fwd 192.168.25.1 tcp from 192.168.25.5 25 to 213.XXX.XXX.0/24
> packets are accepted, but not forwarded. Can anyone else reproduce this?
I'm having trouble to mentally understand your setup. Could you send me
you full 'ifconfig -a' and 'ipfw show' output in private email please?
More information about the freebsd-current