Re: RELENG_5 ipfw problem

From: Andre Oppermann <andre_at_freebsd.org>
Date: Mon, 13 Sep 2004 21:37:13 +0200
Oliver Brandmueller wrote:

> Hello.
> 
> On Fri, Aug 27, 2004 at 05:28:07PM +0200, Andre Oppermann wrote:
> 
>>It detects a missing dummynet because it has to pass on configuration
>>options to dummynet and it can only do that if dummynet is loaded.  For
>>FORWARD this is not the case.  Here the ipfw code just tags the packet
>>for later treatment.  And that later treatment is scattered through a
>>few places where we have to inspect each packet if it carries this tag.
>>
>>
>>>- How to enable it?
>>
>>Put "option IPFIREWALL_FORWARD" into your kernel configuration file and
>>recompile.
> 
> 
> I do now have IPFIREWALL and IPFIREWALL_FORWARD in the kernel and am not 
> loading it as a module anymore. The dmesg now states:
> 
> ipfw2 initialized, divert disabled, rule-based forwarding enabled, default to deny, logging disabled
> 
> OK, fine. But I do still have a problem:
> 
> The rule is loaded and matched. Instead of just dropping the packet (as 
> before, when rule based forwarding was disabled) the packets are now 
> accepted, but the forwarding does not work:
> 
> 00200 fwd 192.168.25.1 tcp from 192.168.25.5 25 to 213.XXX.XXX.0/24
> 
> I still see this on em0 (the public interface in the destination 
> network mentioned in rule 200):
> 
> 12:26:09.674295 IP 192.168.25.5.smtp > 213.XXX.XXX.XXX.41424: S 
> 	3583621218:3583621218(0) ack 3993419222 win 65535 <mss 1460>
> 
> # ipfw show
> 00200   2694   118536 fwd 192.168.25.1 tcp from 192.168.25.5 25 to 213.XXX.XXX.0/24
> 
> packets are accepted, but not forwarded. Can anyone else reproduce this?

I'm having trouble mentally understanding your setup.  Could you send me
your full 'ifconfig -a' and 'ipfw show' output in private email please?

-- 
Andre
Received on Mon Sep 13 2004 - 17:37:16 UTC
