ipfw fwd to closed port
Slawa Olhovchenkov
slw at zxy.spb.ru
Thu Jun 9 13:16:20 UTC 2016
On Thu, Jun 09, 2016 at 09:08:33AM -0400, Kristof Provost wrote:
>
>
> On 9 Jun 2016, at 9:06, Slawa Olhovchenkov wrote:
>
> > On Thu, Jun 09, 2016 at 03:00:17PM +0200, Kristof Provost wrote:
> >
> >> On 2016-06-09 02:02:40 (+0300), Slawa Olhovchenkov <slw at zxy.spb.ru> wrote:
> >>> Forwarding by ipfw to a closed local port generates an RST packet with
> >>> an incorrect checksum. Is this a known issue? Do I need to open a PR?
> >>
> >> Where did you capture the packet? If you've captured the packet on the
> >> machine that generated it tcpdump may indeed claim that the checksum is
> >> wrong, because it's computed by the hardware (so after tcpdump captured
> >> it).
> >
> > On the tun0 (destination of RST packet routed to tun0).
> > tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
> > options=80000<LINKSTATE>
> > inet 192.168.4.1 --> 192.168.4.1 netmask 0xffffff00
> > inet6 fe80::240:63ff:fedc:ac9e%tun0 prefixlen 64 scopeid 0x9
> > nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
> > Opened by PID 1345
> >
> > tun0 doesn't compute checksums.
>
> I’m not sure I understand what you’re trying to say.
>
> In any case: either capture the packet outside the machine, or confirm
> that the checksum is wrong by watching the relevant netstat counters.
I have a machine with tun0 (see above) and ipfw rules:
04010 23880 2132855 fwd 127.0.0.1,3129 tcp from 192.168.0.0/16 to not me dst-port 80,3128,8080,8100-8105 recv tun0
# netstat -rn
192.168.4.0/24 192.168.4.1 UGS tun0
192.168.4.1 link#9 UH tun0
tun0 is handled by coova-chilli.
An initiator from network 192.168.4.0/24 (e.g. 192.168.4.4) sends a packet to the outside, 8.8.8.8 for example.
fwd on tun0 forwards it to 127.0.0.1,3129. There is no listener on 127.0.0.1:3129; an RST is generated from 8.8.8.8:80
to 192.168.4.4:2345. This packet is routed to tun0 and received by chilli.
Checksums must be correct at this point, on the tun0 interface, for correct handling in chilli.
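
Added example, not part of the original message or of FreeBSD/coova-chilli: one way to check offline whether a captured RST really carries a bad TCP checksum is to recompute it over the IPv4 pseudo-header. The function names are hypothetical, the input is assumed to be a raw IPv4 packet with no link-layer header, and the sample packets are constructed from the addresses and ports in the message.

```python
import socket
import struct

def fold_sum(data: bytes) -> int:
    """16-bit one's-complement sum (RFC 1071) over data."""
    if len(data) % 2:
        data += b"\x00"  # pad odd-length input with a zero byte
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def pseudo_header(src: bytes, dst: bytes, tcp_len: int) -> bytes:
    """IPv4 pseudo-header that TCP includes in its checksum."""
    return src + dst + struct.pack("!BBH", 0, socket.IPPROTO_TCP, tcp_len)

def tcp_checksum_ok(packet: bytes) -> bool:
    """True if the TCP checksum of a raw IPv4 packet (no link header) is valid."""
    if packet[0] >> 4 != 4 or packet[9] != socket.IPPROTO_TCP:
        raise ValueError("not an IPv4/TCP packet")
    ihl = (packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", packet[2:4])[0]
    segment = packet[ihl:total_len]
    pseudo = pseudo_header(packet[12:16], packet[16:20], len(segment))
    # With a correct checksum in place, the sum over everything is 0xFFFF.
    return fold_sum(pseudo + segment) == 0xFFFF

def build_rst(src, dst, sport, dport, ack, corrupt=False) -> bytes:
    """Constructed sample: a 40-byte IPv4 RST/ACK segment with no options."""
    s, d = socket.inet_aton(src), socket.inet_aton(dst)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, ack, 5 << 4, 0x14, 0, 0, 0)
    csum = ~fold_sum(pseudo_header(s, d, len(tcp)) + tcp) & 0xFFFF
    if corrupt:
        csum ^= 0x0001  # flip one bit to model a wrongly computed checksum
    tcp = tcp[:16] + struct.pack("!H", csum) + tcp[18:]
    # IP header checksum is left 0 here; only the TCP checksum is examined.
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64,
                     socket.IPPROTO_TCP, 0, s, d)
    return ip + tcp

# Addresses and ports from the message; the ack number is made up.
GOOD = build_rst("8.8.8.8", "192.168.4.4", 80, 2345, ack=1001)
BAD = build_rst("8.8.8.8", "192.168.4.4", 80, 2345, ack=1001, corrupt=True)

if __name__ == "__main__":
    for name, pkt in (("good", GOOD), ("bad", BAD)):
        print(name, "checksum valid:", tcp_checksum_ok(pkt))
```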