On Fri, Sep 19, 2008 at 09:56:33AM +0200, Pawel Jakub Dawidek wrote:
> ...or am I missing something?
>
> I've a box running:
>
> FreeBSD whiplash.wheel.pl 7.0-STABLE FreeBSD 7.0-STABLE #0: Wed Jul 23
> 11:41:31 CEST 2008 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/WHIPLASH i386
>
> I'm also running PF in there with the following rule:
>
> rdr on fxp0 proto tcp from 10.0.1.9 to 10.0.0.2 port 88 -> 10.0.5.123 port 88
>
> When I connect from 10.0.1.9 to 10.0.0.2:88 I can see redirected packet
> leaving the box:
>
> IP 10.0.1.9.43210 > 10.0.0.2.88: S [...]
> IP 10.0.1.9.43210 > 10.0.5.123.88: S [...]
>
> Ok. Now I've a box running:
>
> FreeBSD bridge.wheel.pl 7.1-PRERELEASE FreeBSD 7.1-PRERELEASE #1: Thu Sep 11
> 13:59:06 CEST 2008 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/BRIDGE i386
>
> And the following PF rule:
>
> rdr on fxp0 proto tcp from 10.0.0.2 to 10.0.5.123 port 88 -> 10.0.1.9 port 88
>
> When I connect from 10.0.0.2 to 10.0.5.123:88 I no longer see redirected
> packet leaving the box:
>
> IP 10.0.0.2.60806 > 10.0.5.123.88: S [...]
>
> I tried to redirect packet on the second box with IPFW, but also failed
> (yes IPFIREWALL_FORWARD was compiled in).
>
> Did something get broken or am I missing some configuration hint?

I downgraded to 7.0-RELEASE and the problem was still there, but I found
a work-around - one needs to set net.inet.ip.forwarding to 1, even though
the packet is not forwarded between interfaces (everything is related to
fxp0 only).

-- 
Pawel Jakub Dawidek                       http://www.wheel.pl
[EMAIL PROTECTED]                         http://www.FreeBSD.org
FreeBSD committer                         Am I Evil? Yes, I Am!
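The work-around above suggests a pre-deployment check: flag every PF `rdr` rule whose target is not an address of the host itself while `net.inet.ip.forwarding` is 0. The script below is an added example, not part of the original post; the function name, the host address list and the second sample rule are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the original post).
# Usage: rdr_needs_forwarding FORWARDING "ADDR1 ADDR2 ..." < pf.conf
#   FORWARDING : value of net.inet.ip.forwarding (sysctl -n net.inet.ip.forwarding)
#   ADDR list  : space-separated addresses configured on this host (assumed input)
# Handles only literal single-address targets ("-> a.b.c.d"); macros, tables
# and address lists after "->" are reported as off-host.
rdr_needs_forwarding() {
    awk -v fwd="$1" -v locals="$2" '
    BEGIN { n = split(locals, a, " "); for (i = 1; i <= n; i++) own[a[i]] = 1 }
    $1 != "rdr" { next }                 # skips comments, "no rdr", other rules
    {
        target = ""
        for (i = 1; i < NF; i++)
            if ($i == "->") { target = $(i + 1); break }
        if (target == "" || (target in own)) next
        if (fwd == 0)
            print "line " NR ": rdr target " target " is off-host; set net.inet.ip.forwarding=1"
    }'
}

# Constructed sample: first rule is the one from the post, second is made up.
SAMPLE_RULES='rdr on fxp0 proto tcp from 10.0.0.2 to 10.0.5.123 port 88 -> 10.0.1.9 port 88
rdr on fxp0 proto tcp from any to 10.0.5.123 port 8080 -> 127.0.0.1 port 80'

# Assumed host addresses for the demo.
printf '%s\n' "$SAMPLE_RULES" | rdr_needs_forwarding 0 "10.0.5.123 127.0.0.1"
```

Only the rule from the post is reported, because its target 10.0.1.9 is not in the assumed host address list; with forwarding set to 1 nothing is reported.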