From nobody@FreeBSD.org  Wed Sep 13 16:16:53 2006
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id BD76716A416
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 13 Sep 2006 16:16:53 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [216.136.204.117])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 8A4EC43D55
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 13 Sep 2006 16:16:53 +0000 (GMT)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.13.1/8.13.1) with ESMTP id k8DGGog8082166
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 13 Sep 2006 16:16:51 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.13.1/8.13.1/Submit) id k8DGGorE082165;
	Wed, 13 Sep 2006 16:16:50 GMT
	(envelope-from nobody)
Message-Id: <200609131616.k8DGGorE082165@www.freebsd.org>
Date: Wed, 13 Sep 2006 16:16:50 GMT
From: Bobrov Alexey <alexey@bobroff.ru>
To: freebsd-gnats-submit@FreeBSD.org
Subject: ipfw forward does not work
X-Send-Pr-Version: www-2.3

>Number:         103233
>Category:       i386
>Synopsis:       ipfw forward does not work
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-i386
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Sep 13 16:20:22 GMT 2006
>Closed-Date:    Wed Sep 13 17:19:23 GMT 2006
>Last-Modified:  Wed Sep 13 17:20:24 GMT 2006
>Originator:     Bobrov Alexey
>Release:        FreeBSD 5.5-stable
>Organization:
Project-X
>Environment:
FreeBSD gate.club4x4.ru 5.5-STABLE FreeBSD 5.5-STABLE #0: Wed Sep 13 02:07:28 MSD 2006
>Description:
KERN ->options IPDIVERT
options IPFIREWALL
options IPFIREWALL_FORWARD
options IPFIREWALL_FORWARD_EXTENDED
rc.conf -> firewall_enable=yes gateway_enable=yes firewall_script=/etc/rc.fire
ifconfig_fxp0="inet 192.168.100.4  netmask 255.255.255.0"

rc.fire -> 
ipfw add 88 fwd 192.168.100.3,3128 tcp from 192.168.100.0/24 to any 80,81,8000
ipfw add 89 fwd 192.168.100.3,3128 tcp from 192.168.100.0/24 to any 8001-9000

ipfw show -> 
00088    6034     410828 fwd 192.168.100.3,3128 tcp from 192.168.100.0/24 to any dst-port 80,81,8000
00089    3132     382127 fwd 192.168.100.3,3128 tcp from 192.168.100.0/24 to any dst-port 8001-9000

But on machine 192.168.100.3 i'v got nothing  - all config was accurate working on  free 4.8 - 4.11. update was done through backup configuration (rc.conf & etc) then  full new install & kernel reassembling - IPFW FWD doesn't work!
>How-To-Repeat:
see full description
>Fix:

>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: remko 
State-Changed-When: Wed Sep 13 17:19:20 UTC 2006 
State-Changed-Why:  
This is not a problem (yet), first pass it onto the IPFW team, perhaps 
something changed, if they all agree this is a problem, please contact 
me and I will reopen the PR (and include the feedback you will have so 
far). 

http://www.freebsd.org/cgi/query-pr.cgi?pr=103233 

From: Remko Lodder <remko@FreeBSD.org>
To: Bobrov Alexey <alexey@bobroff.ru>
Cc: freebsd-gnats-submit@FreeBSD.org
Subject: Re: i386/103233: ipfw forward does not work
Date: Wed, 13 Sep 2006 19:11:54 +0200

 Bobrov Alexey wrote:
 >> Number:         103233
 >> Category:       i386
 >> Synopsis:       ipfw forward does not work
 >> Confidential:   no
 >> Severity:       critical
 >> Priority:       high
 >> Responsible:    freebsd-i386
 >> State:          open
 >> Quarter:        
 >> Keywords:       
 >> Date-Required:
 >> Class:          sw-bug
 >> Submitter-Id:   current-users
 >> Arrival-Date:   Wed Sep 13 16:20:22 GMT 2006
 >> Closed-Date:
 >> Last-Modified:
 >> Originator:     Bobrov Alexey
 >> Release:        FreeBSD 5.5-stable
 >> Organization:
 > Project-X
 >> Environment:
 > FreeBSD gate.club4x4.ru 5.5-STABLE FreeBSD 5.5-STABLE #0: Wed Sep 13 02:07:28 MSD 2006
 >> Description:
 > KERN ->options IPDIVERT
 > options IPFIREWALL
 > options IPFIREWALL_FORWARD
 > options IPFIREWALL_FORWARD_EXTENDED
 > rc.conf -> firewall_enable=yes gateway_enable=yes firewall_script=/etc/rc.fire
 > ifconfig_fxp0="inet 192.168.100.4  netmask 255.255.255.0"
 > 
 > rc.fire -> 
 > ipfw add 88 fwd 192.168.100.3,3128 tcp from 192.168.100.0/24 to any 80,81,8000
 > ipfw add 89 fwd 192.168.100.3,3128 tcp from 192.168.100.0/24 to any 8001-9000
 > 
 > ipfw show -> 
 > 00088    6034     410828 fwd 192.168.100.3,3128 tcp from 192.168.100.0/24 to any dst-port 80,81,8000
 > 00089    3132     382127 fwd 192.168.100.3,3128 tcp from 192.168.100.0/24 to any dst-port 8001-9000
 > 
 > But on machine 192.168.100.3 i'v got nothing  - all config was accurate working on  free 4.8 - 4.11. update was done through backup configuration (rc.conf & etc) then  full new install & kernel reassembling - IPFW FWD doesn't work!
 >> How-To-Repeat:
 > see full description
 >> Fix:
 > 
 >> Release-Note:
 >> Audit-Trail:
 >> Unformatted:
 > _______________________________________________
 > freebsd-i386@freebsd.org mailing list
 > http://lists.freebsd.org/mailman/listinfo/freebsd-i386
 > To unsubscribe, send any mail to "freebsd-i386-unsubscribe@freebsd.org"
 
 Hello,
 
 I am sorry to tell you this but this is not a Problem (yet); perhaps
 some syntax changed (which could imply a Problem in the documentation)
 but I see this as a User question, can you please ask the Freebsd-ipfw
 (ipfw@FreeBSD.org) group first what they do think about this?
 
 http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
 
 is the URL you need.
 
 Cheers,
 Remko
 
 p.s. I will close this PR after I submitted this text.
 
 -- 
 Kind regards,
 
       Remko Lodder               ** remko@elvandar.org
       FreeBSD                    ** remko@FreeBSD.org
 
       /* Quis custodiet ipsos custodes */
>Unformatted:
