Oliver Brandmueller wrote: > Hello. > > On Fri, Aug 27, 2004 at 05:28:07PM +0200, Andre Oppermann wrote: > >>It detects a missing dummynet because it has to pass on configuration >>options to dummynet and it can only do that if dummynet is loaded. For >>FORWARD this is not the case. Here the ipfw code just tags the packet >>for later treatment. And that later treatment is scattered through a >>few places where we have to inspect each packet it carries this tag. >> >> >>>- How to enable it? >> >>Put "option IPFIREWALL_FORWARD" into your kernel configuration file and >>recompile. > > > I do now have IPFIREWALL and IPFIREWALL_FORWARD in the kernel and am not > loading it as a module anymore. The dmesg now states: > > ipfw2 initialized, divert disabled, rule-based forwarding enabled, default to deny, logging disabled > > OK, fine. But do still have a problem: > > The rule is loaded an matched. Instead of just dropping the packet (as > before, when rule based forwarding was disabled) the pakets are now > accepted, but the forwarding does not work: > > 00200 fwd 192.168.25.1 tcp from 192.168.25.5 25 to 213.XXX.XXX.0/24 > > Is still see this on em0 (the public interface in the destination > network metioned in rule 200): > > 12:26:09.674295 IP 192.168.25.5.smtp > 213.XXX.XXX.XXX.41424: S > 3583621218:3583621218(0) ack 3993419222 win 65535 <mss 1460> > > # ipfw show > 00200 2694 118536 fwd 192.168.25.1 tcp from 192.168.25.5 25 to 213.XXX.XXX.0/24 > > packets are accepted, but not forwarded. Can anyone else reproduce this? I'm having trouble to mentally understand your setup. Could you send me you full 'ifconfig -a' and 'ipfw show' output in private email please? -- AndreReceived on Mon Sep 13 2004 - 17:37:16 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:11 UTC