David, I tried the diff above and it worked. Thank you so much.

On Wed, 7 Apr 2021 at 16:11, David Gwynne <da...@gwynne.id.au> wrote:
> On Mon, Apr 05, 2021 at 09:51:53AM +0300, Hakan SARIMAN wrote:
> > Hello Misc,
> >
> > I think the divert-packet feature with NAT/NAPT is broken.
> > I cannot reach the web server when I use divert-packet with rdr-to.
> > Is this a known bug or a new issue?
>
> There's no other options? Just those two?
>
> I think it's been around for a long time, but no one's hurt themselves
> with it because they haven't combined nat/rdr with divert-packet
> yet.
>
> I believe the diff below will fix the bug. There's some discussion going
> on behind the scenes about whether this is the right fix though.
>
> > When I use divert-packet + rdr-to here is the situation:
> >
> > # MY PF RULES
> > pass in log quick on pppoe0 inet proto tcp from any to (pppoe0:0) port 81 \
> >     rdr-to 10.10.12.27 port 81
> >
> > pass out log quick on vport12 inet proto tcp from any to 10.10.12.27 port 81 \
> >     divert-packet port 700
>
> Index: pf.c
> ===================================================================
> RCS file: /cvs/src/sys/net/pf.c,v
> retrieving revision 1.1112
> diff -u -p -r1.1112 pf.c
> --- pf.c	23 Feb 2021 11:43:40 -0000	1.1112
> +++ pf.c	5 Apr 2021 10:16:31 -0000
> @@ -6848,8 +6848,10 @@ pf_test(sa_family_t af, int fwdir, struc
>  	if ((*m0)->m_pkthdr.pf.flags & PF_TAG_GENERATED)
>  		return (PF_PASS);
>  
> -	if ((*m0)->m_pkthdr.pf.flags & PF_TAG_DIVERTED_PACKET)
> +	if ((*m0)->m_pkthdr.pf.flags & PF_TAG_DIVERTED_PACKET) {
> +		CLR((*m0)->m_pkthdr.pf.flags, PF_TAG_DIVERTED_PACKET);
>  		return (PF_PASS);
> +	}
>  
>  	if ((*m0)->m_pkthdr.pf.flags & PF_TAG_REFRAGMENTED) {
>  		(*m0)->m_pkthdr.pf.flags &= ~PF_TAG_REFRAGMENTED;

-- 
Regards,
Hakan SARIMAN
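Review bot: the PF_TAG_DIVERTED_PACKET branch now clears the tag before returning PF_PASS, so the filtering exemption for a re-injected diverted packet applies to this one pass through pf_test only, instead of staying on the mbuf and exempting it from every later pf_test (including the rdr/nat handling the thread is about); since the tag's lifetime is exactly what is under discussion, a one-line comment above the `CLR(...)` stating that intent would help the next reader. Minor style point: the neighbouring PF_TAG_REFRAGMENTED block clears its flag with `(*m0)->m_pkthdr.pf.flags &= ~PF_TAG_REFRAGMENTED;` while the new line uses `CLR((*m0)->m_pkthdr.pf.flags, PF_TAG_DIVERTED_PACKET);`; the two adjacent blocks would read better using the same idiom.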