ipfw fwd on FreeBSD 8.1, does it work?

2011-07-05 Thread Unga 
Hi all

Following ipfw rule develop error indicated:
ipfw add 100 fwd 127.0.0.1,1234 tcp from any to any 1234 out via wlan0

Error:
ipfw: getsockopt(IP_FW_ADD): Invalid argument

What I want to do is forward any packet going out of the computer to port 1234 
forward back to 127.0.0.1:1234.

There is a test daemon listening to port 1234. The wlan0 exists and used for 
all Internet traffic.

The objective is to test a daemon. In actual practice the router is expected 
forward packets passing to port 1234 to this daemon.

I have built the kernel with "options IPFIREWALL_FORWARD".

This is FreeBSD 8.1.

What's the error here? Is the rule incorrect?

Does ipfw fwd work with FreeBSD 8.1?

Can I forward packets generating in the computer back to the same computer with 
ipfw fwd?

Many thanks in advance.

Unga
___
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "freebsd-ipfw-unsubscr...@freebsd.org"

Re: bin/117214: ipfw(8) fwd with IPv6 treats input as IPv4

2011-07-05 Thread emaste 
Synopsis: ipfw(8) fwd with IPv6 treats input as IPv4

Responsible-Changed-From-To: freebsd-ipfw->bz
Responsible-Changed-By: emaste
Responsible-Changed-When: Tue Jul 5 13:57:09 UTC 2011
Responsible-Changed-Why: 
Sandvine has a patch to implement ipv6 fwd that bz@'s going to clean
up and get into the tree.

http://www.freebsd.org/cgi/query-pr.cgi?pr=117214
___
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "freebsd-ipfw-unsubscr...@freebsd.org"

Re: ipfw fwd on FreeBSD 8.1, does it work?

2011-07-05 Thread Fabian Wenk 

Hello Unga

On 05.07.2011 12:47, Unga wrote:


Following ipfw rule develop error indicated:
ipfw add 100 fwd 127.0.0.1,1234 tcp from any to any 1234 out via wlan0

Error:
ipfw: getsockopt(IP_FW_ADD): Invalid argument


Does your kernel have 'options IPFIREWALL_FORWARD' (if this is 
needed for 8.1, I still run at 7.x)?


Else try the rule like this:
ipfw add 100 fwd 127.0.0.1 ip4 from me to any 1234 out via wlan0
or:
ipfw add 100 fwd 127.0.0.1 tcp from me to any 1234 out via wlan0

The fwd rule does only match the packets which match the rule 'ip4 
from me to any 1234 out via wlan0' (me = alias for local IP 
addresses), so they will be directed to 127.0.0.1 on the same 
destination port. Other packets not for destination port 1234 will 
just go out as usual.



bye
Fabian
___
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "freebsd-ipfw-unsubscr...@freebsd.org"

Re: ipfw fwd on FreeBSD 8.1, does it work?

2011-07-05 Thread Unga 


--- On Tue, 7/5/11, Fabian Wenk  wrote:

> From: Fabian Wenk 
> Subject: Re: ipfw fwd on FreeBSD 8.1, does it work?
> To: freebsd-ipfw@freebsd.org
> Date: Tuesday, July 5, 2011, 10:00 PM
> Hello Unga
> 
> On 05.07.2011 12:47, Unga wrote:
> 
> > Following ipfw rule develop error indicated:
> > ipfw add 100 fwd 127.0.0.1,1234 tcp from any to any
> 1234 out via wlan0
> > 
> > Error:
> > ipfw: getsockopt(IP_FW_ADD): Invalid argument
> 
> Does your kernel have 'options IPFIREWALL_FORWARD' (if this
> is needed for 8.1, I still run at 7.x)?
> 
> Else try the rule like this:
> ipfw add 100 fwd 127.0.0.1 ip4 from me to any 1234 out via
> wlan0
> or:
> ipfw add 100 fwd 127.0.0.1 tcp from me to any 1234 out via
> wlan0
> 
> The fwd rule does only match the packets which match the
> rule 'ip4 from me to any 1234 out via wlan0' (me = alias for
> local IP addresses), so they will be directed to 127.0.0.1
> on the same destination port. Other packets not for
> destination port 1234 will just go out as usual.
> 
> 
Hi Fabian

Thanks for the reply.

The 'options IPFIREWALL_FORWARD' is already built in the custom kernel.

Both rules you suggested develop the same error:
ipfw: getsockopt(IP_FW_ADD): Invalid argument

Unga



___
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "freebsd-ipfw-unsubscr...@freebsd.org"

Re: ipfw fwd on FreeBSD 8.1, does it work?

2011-07-05 Thread Andrey V. Elsukov 
On 05.07.2011 21:20, Unga wrote:
> Thanks for the reply.
> 
> The 'options IPFIREWALL_FORWARD' is already built in the custom kernel.
> 
> Both rules you suggested develop the same error:
> ipfw: getsockopt(IP_FW_ADD): Invalid argument

Hi,

You should add 'options IPFIREWALL' in the your kernel config too.

-- 
WBR, Andrey V. Elsukov



signature.asc
Description: OpenPGP digital signature

Re: ipfw fwd on FreeBSD 8.1, does it work?

2011-07-05 Thread Unga 


--- On Wed, 7/6/11, Andrey V. Elsukov  wrote:

> From: Andrey V. Elsukov 
> Subject: Re: ipfw fwd on FreeBSD 8.1, does it work?
> To: "Unga" 
> Cc: freebsd-ipfw@freebsd.org, "Fabian Wenk" 
> Date: Wednesday, July 6, 2011, 1:51 AM
> On 05.07.2011 21:20, Unga wrote:
> > Thanks for the reply.
> > 
> > The 'options IPFIREWALL_FORWARD' is already built in
> the custom kernel.
> > 
> > Both rules you suggested develop the same error:
> > ipfw: getsockopt(IP_FW_ADD): Invalid argument
> 
> Hi,
> 
> You should add 'options IPFIREWALL' in the your kernel
> config too.
> 
> -- 
> WBR, Andrey V. Elsukov
> 

Hi Andrey

Thank you for the reply.

ipfw(8) man page for 'fwd' shows to add only the IPFIREWALL_FORWARD.

I'll add the 'options IPFIREWALL' also and rebuild all and give it a try again 
and let the list know the outcome.

Thanks everyone again.

Unga


___
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "freebsd-ipfw-unsubscr...@freebsd.org"

Re: ipfw fwd on FreeBSD 8.1, does it work?

2011-07-05 Thread Fabian Wenk 

Hello Unga

On 05.07.2011 20:22, Unga wrote:


--- On Wed, 7/6/11, Andrey V. Elsukov  wrote:



 You should add 'options IPFIREWALL' in the your kernel
 config too.



ipfw(8) man page for 'fwd' shows to add only the IPFIREWALL_FORWARD.


I guess the manpage implies that 'options IPFIREWALL' is already 
there, or the module is loaded, can be done with:

  kldload ipfw

So you do not need to rebuild the kernel.


bye
Fabian
___
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "freebsd-ipfw-unsubscr...@freebsd.org"

Re: ipfw fwd on FreeBSD 8.1, does it work?

2011-07-05 Thread Andrey V. Elsukov 
On 05.07.2011 22:46, Fabian Wenk wrote:
>> ipfw(8) man page for 'fwd' shows to add only the IPFIREWALL_FORWARD.
> 
> I guess the manpage implies that 'options IPFIREWALL' is already there,
> or the module is loaded, can be done with:
>   kldload ipfw
> 
> So you do not need to rebuild the kernel.

fwd does not work when ipfw loaded as module.

-- 
WBR, Andrey V. Elsukov



signature.asc
Description: OpenPGP digital signature

Re: ipfw fwd on FreeBSD 8.1, does it work?

2011-07-05 Thread Fabian Wenk 

Hello Andrey

On 05.07.2011 21:04, Andrey V. Elsukov wrote:


fwd does not work when ipfw loaded as module.


Ups, did not know this exactly, thanks for clarify. But it really 
makes sense that both options are in the kernel.
After sending out my mail, it somehow crossed my mind that this 
eventually would not work. As I usually have almost all things 
needed in my custom built kernel anyway (including 
IPFIREWALL_FORWARD), I never had that problem.


Sorry Unga, you need to build a new kernel with both options.


bye
Fabian
___
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "freebsd-ipfw-unsubscr...@freebsd.org"

Re: kern/157239: [ipfw] [dummynet] ipfw + dummynet corrupts ipv6 packets

2011-07-05 Thread ae 
Synopsis: [ipfw] [dummynet] ipfw + dummynet corrupts ipv6 packets

State-Changed-From-To: patched->closed
State-Changed-By: ae
State-Changed-When: Wed Jul 6 05:49:09 UTC 2011
State-Changed-Why: 
Merged to stable/8. Thanks!

http://www.freebsd.org/cgi/query-pr.cgi?pr=157239
___
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "freebsd-ipfw-unsubscr...@freebsd.org"

Re: kern/157239: commit references a PR

2011-07-05 Thread dfilter service 
The following reply was made to PR kern/157239; it has been noted by GNATS.

From: dfil...@freebsd.org (dfilter service)
To: bug-follo...@freebsd.org
Cc:  
Subject: Re: kern/157239: commit references a PR
Date: Wed,  6 Jul 2011 05:43:13 + (UTC)

 Author: ae
 Date: Wed Jul  6 05:42:52 2011
 New Revision: 223817
 URL: http://svn.freebsd.org/changeset/base/223817
 
 Log:
   MFC r223358:
 Do not use SET_HOST_IPLEN() macro for IPv6 packets.
   
 PR:kern/157239
 
 Modified:
   stable/8/sys/netinet/ipfw/ip_dn_io.c
   stable/8/sys/netinet/ipfw/ip_fw_pfil.c
 Directory Properties:
   stable/8/sys/   (props changed)
   stable/8/sys/amd64/include/xen/   (props changed)
   stable/8/sys/cddl/contrib/opensolaris/   (props changed)
   stable/8/sys/contrib/dev/acpica/   (props changed)
   stable/8/sys/contrib/pf/   (props changed)
 
 Modified: stable/8/sys/netinet/ipfw/ip_dn_io.c
 ==
 --- stable/8/sys/netinet/ipfw/ip_dn_io.c   Wed Jul  6 05:40:22 2011
(r223816)
 +++ stable/8/sys/netinet/ipfw/ip_dn_io.c   Wed Jul  6 05:42:52 2011
(r223817)
 @@ -664,7 +664,6 @@ dummynet_send(struct mbuf *m)
break;
  
case DIR_OUT | PROTO_IPV6:
 -  SET_HOST_IPLEN(mtod(m, struct ip *));
ip6_output(m, NULL, NULL, IPV6_FORWARDING, NULL, NULL, 
NULL);
break;
  #endif
 
 Modified: stable/8/sys/netinet/ipfw/ip_fw_pfil.c
 ==
 --- stable/8/sys/netinet/ipfw/ip_fw_pfil.c Wed Jul  6 05:40:22 2011
(r223816)
 +++ stable/8/sys/netinet/ipfw/ip_fw_pfil.c Wed Jul  6 05:42:52 2011
(r223817)
 @@ -127,8 +127,9 @@ again:
args.rule = *((struct ipfw_rule_ref *)(tag+1));
m_tag_delete(*m0, tag);
if (args.rule.info & IPFW_ONEPASS) {
 -  SET_HOST_IPLEN(mtod(*m0, struct ip *));
 -  return 0;
 +  if (mtod(*m0, struct ip *)->ip_v == 4)
 +  SET_HOST_IPLEN(mtod(*m0, struct ip *));
 +  return (0);
}
}
  
 ___
 svn-src-...@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/svn-src-all
 To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
 
___
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "freebsd-ipfw-unsubscr...@freebsd.org"

Re: kern/136695: [ipfw] [patch] fwd reached after skipto in dynamic rules does not work in every case

2011-07-05 Thread ae 
Synopsis: [ipfw] [patch] fwd reached after skipto in dynamic rules does not 
work in every case

State-Changed-From-To: patched->closed
State-Changed-By: ae
State-Changed-When: Wed Jul 6 06:58:11 UTC 2011
State-Changed-Why: 
Merged to stable/7 and stable/8. Thanks!

http://www.freebsd.org/cgi/query-pr.cgi?pr=136695
___
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "freebsd-ipfw-unsubscr...@freebsd.org"

Re: kern/147720: [ipfw] ipfw dynamic rules and fwd

2011-07-05 Thread ae 
Synopsis: [ipfw] ipfw dynamic rules and fwd

State-Changed-From-To: patched->closed
State-Changed-By: ae
State-Changed-When: Wed Jul 6 06:58:55 UTC 2011
State-Changed-Why: 
Merged to stable/7 and stable/8. Thanks!

http://www.freebsd.org/cgi/query-pr.cgi?pr=147720
___
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "freebsd-ipfw-unsubscr...@freebsd.org"