Re: kern/122963: [ipfw] tcpdump does not show packets redirected by 'ipfw fwd' on proper interface

2014-01-16 Thread n j
Ok, it's been a while since I posted that feedback to the PR, so I don't really remember all the details, but I probably get what you're saying. Let me go over my original problem: A program ("MUX") listens on port 443 on the server. It receives requests from clients and forwards those packets to

Re: kern/122963: [ipfw] tcpdump does not show packets redirected by 'ipfw fwd' on proper interface

2013-08-13 Thread n j
The following reply was made to PR kern/122963; it has been noted by GNATS. From: n j To: bug-follo...@freebsd.org, zub...@advancedhosters.com Cc: Subject: Re: kern/122963: [ipfw] tcpdump does not show packets redirected by 'ipfw fwd' on proper interface Date: Tue, 13 Aug 2013 11:3

Re: [RFC] Enabling IPFIREWALL_FORWARD in run-time

2012-10-23 Thread n j
> On 10/19/12 4:25 AM, Andrey V. Elsukov wrote: >> >> Hi All, >> >> Many years ago I have already proposed this feature, but at that time >> several people were against, because as they said, it could affect >> performance. Now, when we have high speed network adapters, SMP kernel >> and network st

Re: Reducing the need to compile a custom kernel

2012-02-14 Thread n j
On Sun, Feb 12, 2012 at 8:52 AM, Ian Smith wrote: > On Fri, 10 Feb 2012 16:12:00 +, Bjoern A. Zeeb wrote: >  > > IPFIREWALL_FORWARD > > Unless something's changed, julian@ has pointed out (paraphrasing) that > this adds bits of code to various parts of the stack and was thought to > impact per

Re: Kernel Config for NAT

2010-04-09 Thread n j
> That's actually a good question considering the lack of documentation.  If > that works then great, but one wonders what the ipfw_nat modules is for? > looks like it's tied into libalias apparently a replacement for natd. Here's my kernel configuration: [--snip--] options IPFIREWALL

Re: IPFIREWALL_FORWARD

2010-03-16 Thread n j
> it's needed for the functionality. > you need to slightly change the behaviour or the existing stack in quite a > number of places to handle a forwarded packet. Sorry for catching up with the thread so late, I was without Internet connection for the last couple of days. Thanks for all the repli

Re: IPFIREWALL_FORWARD

2010-03-11 Thread n j
> A loadable module requires a coherent piece of code to implement the > functionality, that can be put into the module. This option > scatters tiny snippets of code throughout the existing > TCP/UDP/IP/ipfw code. Is that just a matter of current implementation or is that 'scatter' necessary for f

IPFIREWALL_FORWARD

2010-03-10 Thread n j
Hello, although this has probably been asked before, could anyone point me to some relevant information about why fwd/forward requires kernel recompile, i.e. it's not been made a kernel module? This prevents me from using freebsd-update and forces me to upgrade from source which - even though we a

Re: in-kernel nat and stateful inspection hangs system 7.1 RELEASE

2009-02-17 Thread n j
> About 2 Minutes later after apply this rule set, system writes that bge1 > watchdog timeout --- resetting and then system hangs, keyboard doesn't > response. No logs can be observed. > > When I remove all skipto and checkstate rules, system work properly > without problems. I suspect about statefu

Re: in-kernel nat and stateful inspection hangs system 7.1 RELEASE

2009-02-17 Thread n j
Sorry, hit the wrong key combo and message went before I finished it :( ... > Here is the rule that after a short while (probably the first packet > to match the rule) freezes the machine: > ipfw -q flush ipfw -q nat 123 config ip a.b.c.d log ipfw -q disable one_pass ... > ipfw add 3 nat 123