From sec@42.org  Fri Dec 23 01:58:24 2005
Return-Path: <sec@42.org>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 7A9CB16A41F
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 23 Dec 2005 01:58:24 +0000 (GMT)
	(envelope-from sec@42.org)
Received: from ice.42.org (ice.42.org [194.77.85.2])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 0223643D5D
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 23 Dec 2005 01:58:23 +0000 (GMT)
	(envelope-from sec@42.org)
Received: by ice.42.org (Postfix, from userid 1000)
	id 9631054A3; Fri, 23 Dec 2005 00:54:05 +0100 (CET)
Message-Id: <20051222235405.9631054A3@ice.42.org>
Date: Fri, 23 Dec 2005 00:54:05 +0100 (CET)
From: Stefan `Sec` Zehl <sec@42.org>
Reply-To: Stefan `Sec` Zehl <sec@42.org>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: ipfw fwd host,port is broken with udp
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         90834
>Category:       kern
>Synopsis:       ipfw fwd host,port is broken with udp
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    glebius
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Dec 23 02:00:18 GMT 2005
>Closed-Date:    Tue Jan 31 16:00:30 GMT 2006
>Last-Modified:  Tue Jan 31 16:00:30 GMT 2006
>Originator:     Stefan `Sec` Zehl
>Release:        FreeBSD 5.4-STABLE i386
>Organization:
>Environment:
System: FreeBSD elvis 5.4-STABLE FreeBSD 5.4-STABLE #8: Wed Oct 26 12:55:13 CEST 2005     root@elvis:/usr/obj/usr/src/sys/ELVIS  i386


	
>Description:

Redirecting udp packets to a different local port with "ipfw fwd" fails.
The rule is matched (the counter in "ipfw show" increases), but the packet is
still delivered to the original port and thus generates an icmp packet if
nothing is listening there.

	
>How-To-Repeat:

ipfw add 100 fwd 10.1.1.3,8053 udp from any to 10.1.1.3 53
nc -vvul 10.1.1.3 8053

from another host

nc -vvu 10.1.1.3 53
<enter text>

Results in an icmp port unreachable; no text is received on the listening
netcat instance.

	
>Fix:

	


>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: glebius 
State-Changed-When: Tue Dec 27 08:52:17 UTC 2005 
State-Changed-Why:  
Not a bug. From ipfw(8) manual page: 

fwd | forward ipaddr[,port]
Change the next-hop on matching packets to ipaddr, which can be
an IP address or a host name.  The search terminates if this rule
matches.

If ipaddr is a local address, then matching packets will be forwarded
to port (or the port number in the packet if one is not
specified in the rule) on the local machine.
If ipaddr is not a local address, then the port number (if specified)
is ignored, and the packet will be forwarded to the remote
address, using the route as found in the local routing table for
that IP.


http://www.freebsd.org/cgi/query-pr.cgi?pr=90834 
State-Changed-From-To: closed->open 
State-Changed-By: glebius 
State-Changed-When: Tue Dec 27 21:16:43 UTC 2005 
State-Changed-Why:  
Reopen the PR, sorry. 10.1.1.3 is local address. 

State-Changed-From-To: open->patched 
State-Changed-By: glebius 
State-Changed-When: Tue Jan 24 09:05:00 UTC 2006 
State-Changed-Why:  
Fixed in HEAD. 


Responsible-Changed-From-To: freebsd-bugs->glebius 
Responsible-Changed-By: glebius 
Responsible-Changed-When: Tue Jan 24 09:05:00 UTC 2006 
Responsible-Changed-Why:  
I'm handling this. 

State-Changed-From-To: patched->closed 
State-Changed-By: glebius 
State-Changed-When: Tue Jan 31 15:43:20 UTC 2006 
State-Changed-Why:  
Merged to RELENG_6. 

>Unformatted:
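
The How-To-Repeat steps above as a scripted check, for re-testing a kernel after the fix. This is an added example, not part of the original PR or of FreeBSD; the function names, return strings and command-line roles are hypothetical, and it assumes the ipfw rule from the report is already installed on the target host.

```python
import socket
import sys

def open_listener(addr):
    """Bind the UDP socket that plays `nc -vvul 10.1.1.3 8053`."""
    rx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    rx.bind(addr)
    return rx

def first_datagram(rx, timeout=5.0):
    """Return the first payload that reaches the listener, or None."""
    rx.settimeout(timeout)
    try:
        return rx.recvfrom(2048)[0]
    except socket.timeout:
        return None

def send_probe(target, payload=b"pr-probe", timeout=1.0):
    """Play `nc -vvu 10.1.1.3 53`: send one datagram, report any ICMP error."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as tx:
        tx.settimeout(timeout)
        # A connected UDP socket gets ICMP port unreachable as ECONNREFUSED.
        tx.connect(target)
        try:
            tx.send(payload)
            tx.recv(1)  # no reply is expected; this only waits for an error
        except ConnectionRefusedError:
            return "port-unreachable"  # the symptom described in the report
        except socket.timeout:
            pass
        return "no-icmp-error"

if __name__ == "__main__":
    # Usage (hypothetical CLI): listen HOST PORT   |   send HOST PORT
    role, host, port = sys.argv[1], sys.argv[2], int(sys.argv[3])
    if role == "listen":
        with open_listener((host, port)) as rx:
            print("received:", first_datagram(rx, timeout=30.0))
    else:
        print(send_probe((host, port)))
```

With the rule working, the listener on port 8053 prints the probe payload and the sender on the other host reports `no-icmp-error`; the behaviour in the report shows up as `port-unreachable` on the sender and `None` on the listener.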
