Hello, Andreas.

If table(12) is empty, how will fwd know where to send the packets that
hit it?

Best regards,
Raimundo


On 4 March 2014 02:58, Andreas Nilsson <andrn...@gmail.com> wrote:

> Hello,
>
> I'm having a strange problem with ipfw and/or routing. I've only tested
> this on 9.2-RELEASE-p3, amd64. The machine is sort of acting as a router. The
> ruleset is like (ipfw defaults to accept):
>
> cmd="ipfw -fq "
>
> $cmd add 1 skipto 65534 log all from "table(1)" to any in recv "table(8)"
>
> ...
>
> $cmd add 65534 fwd tablearg all from "table(12)" to any
>
> Table 1 contains prefixes that should skip the normal rules and just pass
> through the box.
>
> Table 8 contains interface names.
>
> Table 12 is empty (so far).
>
> What happens is that packets that trigger the first rule never get to their
> destination. After looking at /var/log/security I see that packets trigger
> the rule, "never to be seen again". There is a route (i.e. not default) for
> the destination, but a tcpdump on the corresponding interface shows
> nothing.
>
>
> On changing the ruleset to
> cmd="ipfw -fq "
>
> $cmd add 1 skipto 65533 log all from "table(1)" to any in recv "table(8)"
>
> ...
>
> $cmd add 65533 fwd x.y.z.w ip from "table(1)" to any in recv "table(8)"
>
> $cmd add 65534 fwd tablearg all from "table(12)" to any
>
> packets get to where they should.
>
>
> Why do I need the explicit fwd rule? As far as I can see the ipfw man page
> says nothing about skipto changing the packets, and since the 65533 rule in
> the second ruleset triggers on the same thing as the skipto rule it would
> seem like packets are "intact". Why does the kernel not forward those
> packets?
>
>
> Best regards
>
> Andreas Nilsson
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
>