IPFW and 5.2.1

• Previous message: Raphael H. Becker: "if_bge with <Broadcom BCM5703 Gigabit Ethernet, ASIC rev. 0x1002> (was: Re: Strange things on GBit / 1000->100 / net.inet.tcp.inflight.* )"
• Next in thread: dima: "Re: IPFW and 5.2.1"
• Reply: dima: "Re: IPFW and 5.2.1"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Date: Wed, 29 Sep 2004 16:48:23 +1000 (EST)
To: freebsd-net@freebsd.org, freebsd-bugs@freebsd.org

Any explanation or fix for my problem with ipfw ...

yes I did search the mailing list archives, couldnt find anything relevant.

Kernel 5.2.1, freshly loaded off CD, as in

rm -rf /usr/src/*
../install.sh base
../install.sh tools
../install.sh sys

cp ~leon/GUASS /usr/src/sys/i386/conf/GUASS
cd /usr/src
make buildkernel KERNCONF=GUASS
make installkernel KERNCONF=GUASS
reboot

Its a relatively fresh install of 5.2.1..
and a picobsd style install derived from same.

guass# ipfw -a list
00001 0 0 deny ip from any to 203.222.55.37 via rl0
65535 1287 499525 allow ip from any to any

guass# ping 203.222.55.37
PING 203.222.55.37 (203.222.55.37): 56 data bytes
64 bytes from 203.222.55.37: icmp_seq=0 ttl=255 time=0.281 ms
64 bytes from 203.222.55.37: icmp_seq=1 ttl=255 time=0.207 ms

< packets are flowing by rl0, despite the ipfw rule to stop them !,
rl0 being the only network interface 'connected' )

guass# ipfw delete 1

guass# ipfw add 1 deny ip from any to any

guass# ping 203.222.55.37

< No answer, like u would hope>

Yes, I have searched archives.

Why does "via rl0" , "in recv rl0" , "out xmit rl0" ,
(or via wi0, in recv wi0, out xmit wi0 )

Is it a known bug ?

Can't think of anything else relevant to add.
ipfw seems seriously broken in 5.2.1 ???

------------------------
Leon
leon@nelsonbay.com
Ph 02 4984 1422

_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"

• Previous message: Raphael H. Becker: "if_bge with <Broadcom BCM5703 Gigabit Ethernet, ASIC rev. 0x1002> (was: Re: Strange things on GBit / 1000->100 / net.inet.tcp.inflight.* )"
• Next in thread: dima: "Re: IPFW and 5.2.1"
• Reply: dima: "Re: IPFW and 5.2.1"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Relevant Pages Re: IPFW and 5.2.1 ... > guass# ping 203.222.55.37 ... Are you sure your ping requests/replies really go via rl0? ... # ipfw add deny ip from any to 203.222.55.37 via rl0 ... (freebsd-net) Re: Issue with IPFW forward ... Destination Gateway Flags Refs Use Netif Expire ... ipfw add 10 fwd 20.20.20.20 log ip from 2.2.2.2 to any ... I can see the IPFW counter increasing while the ping command ... it is still trying to go through tun1 when I believe ... (freebsd-net) Issue with IPFW forward ... ipfw add 10 fwd 20.20.20.20 log ip from 2.2.2.2 to any ... I can see the IPFW counter increasing while the ping command ... it is still trying to go through tun1 when I believe ... I can ping 20.20.20.20 without issues from the freebsd server, ... (freebsd-net) ping through ipfw giving unexpected results ... I am running ping.exe from a Windows 2003 Server machine through FreeBSD ... running ipfw, to another Windows server. ... With plr=0, I get no ping ... failures at all, and with ipfw at its defaults I get no successes, so ... (freebsd-questions) Re: natd + ipfw - very slow internet for LAN users ... userland like ipfw + natd). ... but internet is very slow. ... Ping reply is ~50ms. ... > interface ... (freebsd-questions)