List Info

Thread: Re: bpf does not see packets forwarded with ipfw fwd
Re: bpf does not see packets forwarded with ipfw fwd
country flaguser name
United States		 2008-04-12 13:10:38 
On Sat, 12 Apr 2008, Eugene Grosbein wrote:

> One of 7.0 users has reported in some cyrillic
newsgroup a problem that I 
> have reproduced in my 7.0-STABLE system. That is:
tcpdump does not show 
> locally originated outgoing IP packets that were
processed by 'ipfw fwd' 
> rule. The same configuration presents no problems with
6.3-STABLE.
>
> Consider simple schema: two FreeBSD boxes (A and B)
directly connected with 
> ethernet intefaces. The box A has another ethernet
interface and uses "ipfw 
> fwd" as its very first ipfw rule to forward some
packets to B, while these 
> packets would normally go out trough mentioned another
interface. Now, 
> tcpdump does NOT show outgoing packets but host B also
runs tcpdump on its 
> incoming interface and does see them.
>
> I double-checked all paramerets for tcpdump, all
routing tables. I even 
> connected A and B with cross-over ethernet cable,
without a switch. Still, B 
> sees incoming packets coming over the cable and A does
not see them leaving. 
> This bothers me a bit 

If you ping from host A to host B, does tcpdump see both the
ICMP echo request 
and reply on both boxes?  In principle, ipfw fwd uses the
same output paths as 
the rest of the IP stack, so it would be useful to know
whether it sees other 
outbound traffic properly or not.

Robert N M Watson
Computer Laboratory
University of Cambridge
_______________________________________________
freebsd-netfreebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to
"freebsd-net-unsubscribefreebsd.org"
Re: bpf does not see packets forwarded with ipfw fwd
country flaguser name
Russian Federation		 2008-04-12 13:25:28 
On Sat, Apr 12, 2008 at 07:10:38PM +0100, Robert Watson
wrote:

> If you ping from host A to host B, does tcpdump see
both the ICMP echo 
> request and reply on both boxes?  In principle, ipfw
fwd uses the same 
> output paths as the rest of the IP stack, so it would
be useful to know 
> whether it sees other outbound traffic properly or
not.

Yes, it does. It sees oubound traffic that is not processed
with 'ipfw fwd'.
That's so funny:

1) A has IP 10.58.0.2/24 and B has. 10.58.0.1/24. From A, I
start to
ping 10.58.0.1, tcpdump shows requests and replys.
2) I add a rule: "ipfw add 5 fwd 10.58.0.1 from any to
10.58.0.1"
ping contiunes to run Ok, ipfw shows that rule maches
packes
(counters increase) but now tcpdump shows only replies. No
request.
Very funny.

Eugene Grosbein
_______________________________________________
freebsd-netfreebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to
"freebsd-net-unsubscribefreebsd.org"
[1-2]

about | contact  Other archives ( Real Estate discussion Medical topics )