Re: ipfw nat drops icmp packets from localhost

Thu, 06 Oct 2011 03:42:51 -0700 

Hello, Andrey V. Elsukov!

You wrote on 06.10.2011 at 13:38:


On 06.10.2011 12:29, Oleg Strizhak wrote:

After an investigation I've found out a very strange situation - it seems to 
me, that ipfw nat drops
some (type 11?) icmp reply packets, whose udp request packets it hasn't 
rewritten/seen before, e.g:

So, I wonder whether someone else has seen the same case under the similar 
circumstances? Isn't it a
bug within ipfw nat module and is there any work-around/patch for that? I've 
surely googled, but in
vain =( The only thing, that seems alike to my problem, is
http://www.freebsd.org/cgi/query-pr.cgi?pr=129093, but the patch for 8 branch 
didn't cure anything =(


Can you describe how you did apply and test this patch?
in a usual way =) Unfortunately, copy-pasted from the mentioned above page patch couldn't be applied w/ error: 


$ patch < ~/ip_fw_nat.patch
Hmm...  Looks like a unified diff to me...
The text leading up to this was:
--------------------------
|--- stable/8/sys/netinet/ipfw/ip_fw_nat.c      Thu Jul 7 08:33:58 2011 
(r223834)
|+++ stable/8/sys/netinet/ipfw/ip_fw_nat.c      Thu Jul 7 09:29:11 2011 
(r223835)
--------------------------
Patching file ip_fw_nat.c using Plan A...
patch: **** malformed patch at line 4: else
the same results were obtained with combinations of -p5 -l and tail +2 ~/ip_fw_nat.patch options & commands Finally, I modified the patch (which applies w/o a word =) a little bit w/o any difference to the original one: 


 $ /usr/bin/diff -wBbu3 ~/ip_fw_nat.patch ~/ip_fw_nat.patch.my
--- /root/ip_fw_nat.patch       2011-10-04 14:08:32.000000000 +0400
+++ /root/ip_fw_nat.patch.my    2011-10-04 14:29:53.000000000 +0400
@@ -1,5 +1,5 @@
---- stable/8/sys/netinet/ipfw/ip_fw_nat.c      Thu Jul 7 08:33:58 2011 
(r223834)
-+++ stable/8/sys/netinet/ipfw/ip_fw_nat.c      Thu Jul 7 09:29:11 2011 
(r223835)
+--- ip_fw_nat.c.orig   2010-12-21 20:09:25.000000000 +0300
++++ ip_fw_nat.c        2011-10-04 14:27:02.000000000 +0400
 @@ -263,17 +263,27 @@
 else
 retval = LibAliasOut(t->lib, c,


then I recompiled the kernel, rebooted server and.. all is just the same =(

WBR,
Oleg
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "[email protected]"

Reply via email to