Hello, Alexander V. Chernikov!
You wrote on 06.10.2011 at 15:16:
On 06.10.2011 14:42, Oleg Strizhak wrote:
Hello, Andrey V. Elsukov!
You wrote on 06.10.2011 at 13:38:
On 06.10.2011 12:29, Oleg Strizhak wrote:
After an investigation I've found out a very strange situation
- it seems to me, that ipfw nat drops some (type 11?) icmp
reply packets, whose udp request packets it hasn't
rewritten/seen before, e.g:
So, I wonder whether someone else has seen the same case under
the similar circumstances? Isn't it a bug within ipfw nat
module and is there any work-around/patch for that? I've surely
googled, but in vain =( The only thing, that seems alike to my
problem, is http://www.freebsd.org/cgi/query-pr.cgi?pr=129093,
but the patch for 8 branch didn't cure anything =(
Can you describe how you did apply and test this patch?
in a usual way =) Unfortunately, copy-pasted from the mentioned
above page patch couldn't be applied w/ error:
svn diff -c 223835 svn://svn.freebsd.org/base/stable/8 > ~/r223835.diff
Can you try the patch attached (just to be sure)?
sure, I can =) I'll try and then drop you a line about the results.
This is exact situation from this (and some related PRs) and this
revision definitely fixes it.
Sounds promising! Hope I've missed or neglected something, and that'd help.
Btw, what is the value of net.inet.ip.fw.one_pass sysctl?
now it's 0. As far as I remember, I've raised one_pass to 1 -- without
any effect on the packets filtering (in my case)
Are you sure that ipfw is the single enabled firewall on this machine?
Are you sure that the system is using the new kernel?
Just 10 minutes ago I was quite sure in both cases, without any doubt..
Now, as the patch you've sent to me is char-to-char the same as mine...
I'll try once more.
Thanx for help and directions!
WBR,
Oleg