From nobody@FreeBSD.org  Fri Dec 29 11:21:43 2006
Message-Id: <200612290300.kBT30RF2079251@www.freebsd.org>
Date: Fri, 29 Dec 2006 03:00:27 GMT
From: Timofej Dod <hidden@4you.lt>
To: freebsd-gnats-submit@FreeBSD.org
Subject: ipfw fwd doesn't seem to work
X-Send-Pr-Version: www-3.0

>Number:         107305
>Category:       kern
>Synopsis:       [ipfw] ipfw fwd doesn't seem to work
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    linimon
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Dec 29 11:30:15 GMT 2006
>Closed-Date:    Sat Aug 28 10:44:53 UTC 2010
>Last-Modified:  Sat Aug 28 10:44:53 UTC 2010
>Originator:     Timofej Dod
>Release:        FreeBSD 6.0-RELEASE-p16
>Organization:
>Environment:
FreeBSD inforsanas 6.0-RELEASE-p16 FreeBSD 6.0-RELEASE-p16 #1: Wed Dec 27 12:29:13 EET 2006     hidden@inforsanas:/usr/obj/usr/src/sys/INFORSANAS  i386
>Description:
Trying to set up a transparent proxy; I have a rule:

fwd 212.59.27.254,1031 log logamount 100 tcp from any to any dst-port 80

# ifconfig
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=b<RXCSUM,TXCSUM,VLAN_MTU>
        inet 212.59.27.254 netmask 0xffffff00 broadcast 212.59.27.255
        inet 212.59.27.252 netmask 0xffffff00 broadcast 212.59.27.255
        ether 00:30:48:70:bd:d2
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active

netcat is not showing anything, but there are lines in /var/log/security:

# nc -l 212.59.27.254 1031

kernel: ipfw: 999 Forward to 212.59.27.254:1031 TCP 212.59.27.249:60399 64.233.183.147:80 in via em0

Counters on the rule are also incrementing, but it seems packets are not being forwarded.
>How-To-Repeat:
Try to use ipfw fwd rule.
>Fix:
Not known.
>Release-Note:
>Audit-Trail:

From: Remko Lodder <remko@elvandar.org>
To: Timofej Dod <hidden@4you.lt>
Cc: freebsd-gnats-submit@FreeBSD.org
Subject: Re: kern/107305: ipfw fwd doesn't seem to work
Date: Fri, 29 Dec 2006 16:32:42 +0100

 So is your machine actually configured to forward packets at all?
 Use ``sysctl net.inet.ip.forwarding''; if that is 0, please change it to
 1 by doing the following: ``sysctl net.inet.ip.forwarding=1''. If this
 works, please don't forget to configure the option in /etc/sysctl.conf.
 
 Let me know what this does please.
 -- 
 Kind regards,
 
      Remko Lodder               ** remko@elvandar.org
      FreeBSD                    ** remko@FreeBSD.org
 
      /* Quis custodiet ipsos custodes */

From: Timofej Dod <hidden@4you.lt>
To: Remko Lodder <remko@elvandar.org>
Cc: freebsd-gnats-submit@FreeBSD.org
Subject: Re[2]: kern/107305: ipfw fwd doesn't seem to work
Date: Fri, 29 Dec 2006 17:45:34 +0200

 Hi,
 
 The machine is a router.
 
 # sysctl net.inet.ip.forwarding
 net.inet.ip.forwarding: 1
 
 It is set to 1 and it doesn't help.
 
 In fact:
 
 # cat /etc/ipnat.rules
 rdr em0 from 212.59.27.249/32 to 0.0.0.0/0 port = 80 -> 212.59.27.254 port 80 tcp
 
 This works fine, but I don't need it IP based; I have dummynet shaping
 there, and I want all packets that are not assigned anywhere (i.e.
 blocked clients) to get redirected to our webserver so they can be
 notified that they are blocked.
 
 --
 Timofej Dod
 
 
Responsible-Changed-From-To: freebsd-bugs->freebsd-ipfw 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Tue Apr 24 10:04:06 UTC 2007 
Responsible-Changed-Why:  
Over to maintainer(s). 

http://www.freebsd.org/cgi/query-pr.cgi?pr=107305 

From: "Andrey V. Elsukov" <bu7cher@yandex.ru>
To: bug-followup@FreeBSD.org, hidden@4you.lt
Cc:  
Subject: Re: kern/107305: [ipfw] ipfw fwd doesn't seem to work
Date: Fri, 27 Apr 2007 08:46:09 +0400

 Hi,
 
 IP Address 212.59.27.254 is local for your system.
 In 6.0-RELEASE you should add IPFIREWALL_FORWARD_EXTENDED
 kernel option in your kernel config.
 
 http://www.freebsd.org/releases/6.0R/relnotes-i386.html
 
 "The ipfw(8) ipfw fwd rule now supports the full packet destination 
 manipulation when the kernel option options 
 IPFIREWALL_FORWARD_EXTENDED is specified in addition to options 
 IPFIREWALL_FORWARD. This kernel option disables all restrictions to 
 ensure proper behavior for locally generated packets and allows 
 redirection of packets destined to locally configured IP addresses. 
 Note that ipfw(8) rules have to be carefully crafted to make sure that 
 things like PMTU discovery do not break."
 
 -- 
 WBR, Andrey V. Elsukov
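
Added example (not part of the PR and not FreeBSD tooling): an sh check for the condition described in the reply above for 6.0-RELEASE, namely a fwd rule whose target is a locally configured address on a kernel built without IPFIREWALL_FORWARD_EXTENDED. The rule and interface addresses are the ones reported in this PR; the kernel config fragments and the function names are assumptions made for the example, since the PR does not show the INFORSANAS config.

```shell
#!/bin/sh
# Interface addresses and rule as reported in the PR.
IFCONFIG_SAMPLE='em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 212.59.27.254 netmask 0xffffff00 broadcast 212.59.27.255
        inet 212.59.27.252 netmask 0xffffff00 broadcast 212.59.27.255'
RULE='fwd 212.59.27.254,1031 log logamount 100 tcp from any to any dst-port 80'

# Constructed kernel config fragments (assumption, not taken from the PR).
KERNCONF_BASE='options         IPFIREWALL
options         IPFIREWALL_FORWARD
#options        IPFIREWALL_FORWARD_EXTENDED'
KERNCONF_EXT='options         IPFIREWALL
options         IPFIREWALL_FORWARD
options         IPFIREWALL_FORWARD_EXTENDED'

# Print every IPv4 address found in ifconfig-style text.
local_addrs() { printf '%s\n' "$1" | awk '$1 == "inet" { print $2 }'; }

# Print the address part of "fwd ADDR[,PORT]" (or "forward ...") in a rule.
fwd_target() {
    printf '%s\n' "$1" | awk '{
        for (i = 1; i < NF; i++)
            if ($i == "fwd" || $i == "forward") {
                split($(i + 1), a, ","); print a[1]; exit
            }
    }'
}

# Succeed if the config text has an uncommented "options NAME" line.
has_option() {
    printf '%s\n' "$1" | awk -v o="$2" '$1 == "options" && $2 == o { f = 1 } END { exit !f }'
}

# check_fwd RULE IFCONFIG_TEXT KERNCONF_TEXT: print a one-line verdict.
check_fwd() {
    tgt=$(fwd_target "$1")
    [ -n "$tgt" ] || { echo "no fwd action in rule"; return 0; }
    has_option "$3" IPFIREWALL_FORWARD || { echo "missing IPFIREWALL_FORWARD"; return 0; }
    if local_addrs "$2" | grep -qxF "$tgt"; then
        # Target is a local address: 6.0R also needs the EXTENDED option.
        has_option "$3" IPFIREWALL_FORWARD_EXTENDED ||
            { echo "missing IPFIREWALL_FORWARD_EXTENDED"; return 0; }
    fi
    echo "ok"
}

check_fwd "$RULE" "$IFCONFIG_SAMPLE" "$KERNCONF_BASE"
```
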
State-Changed-From-To: open->feedback 
State-Changed-By: linimon 
State-Changed-When: Sun Feb 7 03:07:43 UTC 2010 
State-Changed-Why:  
To submitter: this PR is quite old.  Did the suggestion fix your 
problem? 


Responsible-Changed-From-To: freebsd-ipfw->linimon 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Sun Feb 7 03:07:43 UTC 2010 
Responsible-Changed-Why:  

State-Changed-From-To: feedback->closed 
State-Changed-By: linimon 
State-Changed-When: Sat Aug 28 10:43:54 UTC 2010 
State-Changed-Why:  
Feedback timeout ( > 3 months). 

>Unformatted:
