[Bug 201590] Zerowindow packets escape stateful in-kernel NAT

2015-07-23 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=201590 --- Comment #7 from g_amana...@yahoo.com --- (In reply to smithi from comment #6) I think this has nothing to do with the local interface, simply because the keepalive packets are generated from the *gateway* through ipfw_dyn_send_ka().

[Bug 201590] Zerowindow packets escape stateful in-kernel NAT

2015-07-23 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=201590 --- Comment #9 from g_amana...@yahoo.com --- (In reply to g_amanakis from comment #8) This poses another problem. Probably, commenting out the line will lead to these packets being rejected from the LAN, as they originated at the gateway.

[Bug 201590] Zerowindow packets escape stateful in-kernel NAT

2015-07-23 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=201590 --- Comment #8 from g_amana...@yahoo.com --- Perhaps the culprit is the subfunction ipfw_send_pkt() in ipfw_dyn_send_ka(). Here the following happens: m->m_flags |= M_SKIP_FIREWALL; I will try commenting out the line and see if this

[Bug 201590] Zerowindow packets escape stateful in-kernel NAT

2015-07-23 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=201590 smi...@nimnet.asn.au changed: CC added: smi...@nimnet.asn.au ---

[Bug 201590] Zerowindow packets escape stateful in-kernel NAT

2015-07-22 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=201590 --- Comment #2 from Ben Woods woods...@gmail.com --- I can confirm I am also seeing some local network addresses escape out to the Internet when using IPFW with in-kernel NAT. Indeed it appears to be the ZeroWindow packets. # tcpdump -n -e

[Bug 201590] Zerowindow packets escape stateful in-kernel NAT

2015-07-22 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=201590 --- Comment #3 from Ben Woods woods...@gmail.com --- I also have the following in my /etc/sysctl.conf to allow packets to have more than 1 pass through the firewall (for in-kernel NAT): net.inet.ip.fw.one_pass=0

[Bug 201590] Zerowindow packets escape stateful in-kernel NAT

2015-07-22 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=201590 --- Comment #4 from g_amana...@yahoo.com --- I think it has to do with the keepalives produced from ip_fw_dynamic.c. The packets go through ip_output() and this may be the reason they are not NATed. Just my impression of skimming through

[Bug 201590] Zerowindow packets escape stateful in-kernel NAT

2015-07-22 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=201590 --- Comment #5 from g_amana...@yahoo.com --- Setting net.inet.ip.fw.dyn_keepalive=0 resolves the problem. However the bug remains as the keepalive packets should be NATed in the first place.

[Bug 201590] Zerowindow packets escape stateful in-kernel NAT

2015-07-21 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=201590 --- Comment #1 from g_amana...@yahoo.com --- Forgot to mention that net.inet.ip.fw.one_pass=0

[Bug 201590] Zerowindow packets escape stateful in-kernel NAT

2015-07-20 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=201590 Mark Linimon lini...@freebsd.org changed: Assignee removed: freebsd-b...@freebsd.org