Re: RELENG_5 ipfw problem

From: Oliver Brandmueller <ob_at_e-Gitt.NET>
Date: Fri, 27 Aug 2004 16:13:54 +0200
Hi.

On Fri, Aug 27, 2004 at 02:22:02PM +0200, Andre Oppermann wrote:
> Oliver Brandmueller wrote:
> >connection to port 25 is possible from a 192.168.25.x IP directly, but 
> >if I enable this host on the load balancer, I do only see incoming 
> >packets to port 25 on fxp0 but don't see any packets going back (on 
> >neither fxp0 now em0 not even lo0). The forwarded packets simply 
> >disappear.
> 
> Please provide the ipfw line from dmesg as well.  Then we can start to
> diagnose the problem.

champagne# dmesg | fgrep ipfw
ipfw2 initialized, divert disabled, rule-based forwarding disabled, default to deny, logging disabled

additional information can be found here:

http://the.addict.de/~ob/champagne/CHAMPAGNE		(KERNCONF)
http://the.addict.de/~ob/champagne/dmesg.champagne	(full dmesg)
http://the.addict.de/~ob/champagne/kldstat.champagne	(loaded klds)
http://the.addict.de/~ob/champagne/make.conf.champagne	(make.conf)

"rule-based forwarding disabled" seems to be the point here. But I still 
don't understand a few things then:

- I did not not see any note about this change in UPDATING?

- While this option is disabled, why can the rule then be loaded and 
  matched? If I don't enable dummynet, I cannot even load a dummynet
  rule.

- How to enable it?

I think at least there's a POLA problem.

- Oliver

-- 
| Oliver Brandmueller | Offenbacher Str. 1  | Germany       D-14197 Berlin |
| Fon +49-172-3130856 | Fax +49-172-3145027 | WWW:   http://the.addict.de/ |
|               Ich bin das Internet. Sowahr ich Gott helfe.               |
| Eine gewerbliche Nutzung aller enthaltenen Adressen ist nicht gestattet! |
Received on Fri Aug 27 2004 - 12:13:56 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:08 UTC