From nobody@FreeBSD.org Fri Dec 29 11:21:43 2006
Return-Path:
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id D247116A47E
	for ; Fri, 29 Dec 2006 11:21:38 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [69.147.83.33])
	by mx1.freebsd.org (Postfix) with ESMTP id 2BB9913C47E
	for ; Fri, 29 Dec 2006 11:21:38 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.13.1/8.13.1) with ESMTP id kBT30Riu079252
	for ; Fri, 29 Dec 2006 03:00:27 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.13.1/8.13.1/Submit) id kBT30RF2079251;
	Fri, 29 Dec 2006 03:00:27 GMT
	(envelope-from nobody)
Message-Id: <200612290300.kBT30RF2079251@www.freebsd.org>
Date: Fri, 29 Dec 2006 03:00:27 GMT
From: Timofej Dod
To: freebsd-gnats-submit@FreeBSD.org
Subject: ipfw fwd doesn't seem to work
X-Send-Pr-Version: www-3.0

>Number:         107305
>Category:       kern
>Synopsis:       [ipfw] ipfw fwd doesn't seem to work
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    linimon
>State:          closed
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Dec 29 11:30:15 GMT 2006
>Closed-Date:    Sat Aug 28 10:44:53 UTC 2010
>Last-Modified:  Sat Aug 28 10:44:53 UTC 2010
>Originator:     Timofej Dod
>Release:        FreeBSD 6.0-RELEASE-p16
>Organization:
>Environment:
FreeBSD inforsanas 6.0-RELEASE-p16 FreeBSD 6.0-RELEASE-p16 #1: Wed Dec 27 12:29:13 EET 2006 hidden@inforsanas:/usr/obj/usr/src/sys/INFORSANAS i386
>Description:
Trying to set up transparent proxy, have a rule:

fwd 212.59.27.254,1031 log logamount 100 tcp from any to any dst-port 80

# ifconfig
em0: flags=8843 mtu 1500
	options=b
	inet 212.59.27.254 netmask 0xffffff00 broadcast 212.59.27.255
	inet 212.59.27.252 netmask 0xffffff00 broadcast 212.59.27.255
	ether 00:30:48:70:bd:d2
	media: Ethernet autoselect (100baseTX )
	status: active

netcat not showing anything but there are lines in /var/log/security:

# nc -l 212.59.27.254 1031

kernel: ipfw: 999 Forward to 212.59.27.254:1031 TCP 212.59.27.249:60399 64.233.183.147:80 in via em0

counters on the rule also incrementing but seems packets are not being forwarded.
>How-To-Repeat:
Try to use ipfw fwd rule.
>Fix:
Not known.
>Release-Note:
>Audit-Trail:

From: Remko Lodder
To: Timofej Dod
Cc: freebsd-gnats-submit@FreeBSD.org
Subject: Re: kern/107305: ipfw fwd doesn't seem to work
Date: Fri, 29 Dec 2006 16:32:42 +0100

 So is your machine actually configured to forward packets at all?

 use ``sysctl net.inet.ip.forwarding'', if that is 0 please change it
 to 1 by doing the following: ``sysctl net.inet.ip.forwarding=1''.

 If this works please don't forget to configure the option in
 /etc/sysctl.conf

 Let me know what this does please.

 --
 Kind regards,

      Remko Lodder               ** remko@elvandar.org
      FreeBSD                    ** remko@FreeBSD.org

      /* Quis custodiet ipsos custodes */

From: Timofej Dod
To: Remko Lodder
Cc: freebsd-gnats-submit@FreeBSD.org
Subject: Re[2]: kern/107305: ipfw fwd doesn't seem to work
Date: Fri, 29 Dec 2006 17:45:34 +0200

 Hi,

 The machine is a router.

 # sysctl net.inet.ip.forwarding
 net.inet.ip.forwarding: 1

 It is set to 1 and it doesn't help.

 In fact:

 # cat /etc/ipnat.rules
 rdr em0 from 212.59.27.249/32 to 0.0.0.0/0 port = 80 -> 212.59.27.254 port 80 tcp

 this works fine but I don't need it IP based

 I have a dummynet shaping there and I want all packets that are not
 assigned anywhere (i.e. blocked clients) to get redirected to our
 webserver so they can be notified that they are blocked.

 --
 Timofej Dod

Responsible-Changed-From-To: freebsd-bugs->freebsd-ipfw
Responsible-Changed-By: linimon
Responsible-Changed-When: Tue Apr 24 10:04:06 UTC 2007
Responsible-Changed-Why:
Over to maintainer(s).

http://www.freebsd.org/cgi/query-pr.cgi?pr=107305

From: "Andrey V. Elsukov"
To: bug-followup@FreeBSD.org, hidden@4you.lt
Cc:
Subject: Re: kern/107305: [ipfw] ipfw fwd doesn't seem to work
Date: Fri, 27 Apr 2007 08:46:09 +0400

 Hi,

 IP Address 212.59.27.254 is local for your system.
 In 6.0-RELEASE you should add IPFIREWALL_FORWARD_EXTENDED
 kernel option in your kernel config.

 http://www.freebsd.org/releases/6.0R/relnotes-i386.html

 "The ipfw(8) ipfw fwd rule now supports the full packet destination
 manipulation when the kernel option options IPFIREWALL_FORWARD_EXTENDED
 is specified in addition to options IPFIRWALL_FORWARD. This kernel
 option disables all restrictions to ensure proper behavior for locally
 generated packets and allows redirection of packets destined to locally
 configured IP addresses. Note that ipfw(8) rules have to be carefully
 crafted to make sure that things like PMTU discovery do not break."

 --
 WBR, Andrey V. Elsukov

State-Changed-From-To: open->feedback
State-Changed-By: linimon
State-Changed-When: Sun Feb 7 03:07:43 UTC 2010
State-Changed-Why:
To submitter: this PR is quite old. Did the suggestion fix your problem?

Responsible-Changed-From-To: freebsd-ipfw->linimon
Responsible-Changed-By: linimon
Responsible-Changed-When: Sun Feb 7 03:07:43 UTC 2010
Responsible-Changed-Why:

http://www.freebsd.org/cgi/query-pr.cgi?pr=107305

State-Changed-From-To: feedback->closed
State-Changed-By: linimon
State-Changed-When: Sat Aug 28 10:43:54 UTC 2010
State-Changed-Why:
Feedback timeout ( > 3 months).

http://www.freebsd.org/cgi/query-pr.cgi?pr=107305
>Unformatted:
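
The check suggested in the 27 Apr 2007 follow-up, written out as an added example (not part of the PR or of FreeBSD): it flags an ipfw fwd rule whose target is one of the router's own addresses while the kernel config lacks IPFIREWALL_FORWARD_EXTENDED. The function names and the kernel config lines are assumptions, the rule and addresses are the ones reported above, and the PR was closed on feedback timeout, so the suggestion was never confirmed as the fix.

```sh
#!/bin/sh
# Added example, not from the PR. Inputs are plain text so it runs offline;
# on the router, pass real `ifconfig` output and the kernel config file text.

# Print the address that a "fwd ADDR[,PORT]" rule forwards to.
fwd_target() {
    printf '%s\n' "$1" | sed -n 's/.*fwd \([0-9.]*\).*/\1/p'
}

# Succeed if address $1 is listed as an "inet" address in ifconfig text $2.
is_local_addr() {
    printf '%s\n' "$2" | awk -v a="$1" '
        { for (i = 1; i < NF; i++) if ($i == "inet" && $(i + 1) == a) found = 1 }
        END { exit (found ? 0 : 1) }'
}

# Succeed if kernel config text $2 has an uncommented "options $1" line.
has_option() {
    printf '%s\n' "$2" |
        grep -Eq "^[[:space:]]*options[[:space:]]+$1([[:space:]]|\$)"
}

# $1 = ipfw rule, $2 = ifconfig output, $3 = kernel config text.
# Prints one verdict line.
check_fwd() {
    target=$(fwd_target "$1")
    [ -n "$target" ] || { echo "no fwd target in rule"; return 0; }
    has_option IPFIREWALL_FORWARD "$3" ||
        { echo "missing IPFIREWALL_FORWARD"; return 0; }
    if is_local_addr "$target" "$2" &&
        ! has_option IPFIREWALL_FORWARD_EXTENDED "$3"; then
        echo "$target is local: add IPFIREWALL_FORWARD_EXTENDED"
    else
        echo "ok"
    fi
}

# Rule and addresses as reported in the PR; kernel config lines are constructed.
RULE='fwd 212.59.27.254,1031 log logamount 100 tcp from any to any dst-port 80'
IFCONFIG='em0: flags=8843 mtu 1500
    inet 212.59.27.254 netmask 0xffffff00 broadcast 212.59.27.255
    inet 212.59.27.252 netmask 0xffffff00 broadcast 212.59.27.255'
KERNCONF='options IPFIREWALL
options IPFIREWALL_FORWARD'

check_fwd "$RULE" "$IFCONFIG" "$KERNCONF"
check_fwd "$RULE" "$IFCONFIG" "$KERNCONF
options IPFIREWALL_FORWARD_EXTENDED"
```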