DragonFly BSD
DragonFly bugs List (threaded) for 2005-01

IPFW2 layer2 support broken.


From: Gary Allan <dragonfly@xxxxxxxxxxxxxxx>
Date: Sat, 08 Jan 2005 20:04:49 +0000

IPFW2 appears to be broken with respect to filtering layer2 traffic. When active, all incoming packets are dropped.

The logging shows incoming packets being accepted at layer2 but then not appearing at layer3. Locally generated outgoing packets are processed by IPFW2 at layer3 and layer2 and do successfully exit the router. (The resulting incoming traffic is then dropped.)

This is similar to the problem I am experiencing with certain TCP connections via divert sockets in that the packets vanish after being processed and accepted by IPFW2.


System Settings


[  Desktop   ] -------- [  DragonFly  ]
192.168.50.20            192.168.50.1

/etc/make.conf
  IPFW2= true

Kernel options
  options         IPFW2
  options         IPFIREWALL
  options         IPFIREWALL_DEFAULT_TO_ACCEPT
  options         IPFIREWALL_VERBOSE
  options         IPFIREWALL_VERBOSE_LIMIT=50
  options         RANDOM_IP_ID

sysctls
  net.inet.ip.fw.enable: 1
  net.inet.ip.fw.one_pass: 0
  net.inet.ip.fw.debug: 1
  net.inet.ip.fw.verbose: 1
  net.inet.ip.fw.verbose_limit: 50
  net.link.ether.ipfw=1

ipfw rules
  00100   4   240 allow log ip from any to any layer2
  00200   0     0 allow log ip from any to any
  65535   0     0 allow ip from any to any

logs

itx kernel: ipfw: 100 Accept ICMP:8.0 192.168.50.20 192.168.50.1 in via vr0
itx last message repeated 6 times


Regards

G.Allan
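
The symptom described in the message above (packets logged as accepted by the layer2 rule but never logged by the layer3 rule) can be checked mechanically from the log. This is an added example, not part of the original message: the function names are hypothetical, the sample log is constructed in the format of the line quoted in the report, and rule numbers 100 and 200 are taken from the posted ruleset.

```python
import re
from collections import Counter

# Constructed sample in the format of the log line in the report. The "out"
# flow shows what a working two-pass setup logs: a hit on rule 100 (layer2)
# and a hit on rule 200 (layer3) for the same packet.
SAMPLE_LOG = """\
itx kernel: ipfw: 100 Accept ICMP:8.0 192.168.50.20 192.168.50.1 in via vr0
itx last message repeated 6 times
itx kernel: ipfw: 100 Accept ICMP:0.0 192.168.50.1 192.168.50.20 out via vr0
itx kernel: ipfw: 200 Accept ICMP:0.0 192.168.50.1 192.168.50.20 out via vr0
"""

LINE = re.compile(r"ipfw: (\d+) (\w+) (\S+) (\S+) (\S+) (in|out) via (\S+)")
REPEAT = re.compile(r"last message repeated (\d+) times")


def tally(log_text):
    """Count hits per (rule, flow), expanding syslog 'repeated N times' lines."""
    hits = Counter()
    last = None
    for line in log_text.splitlines():
        m = LINE.search(line)
        r = REPEAT.search(line)
        if m:
            rule, _action, proto, src, dst, direction, iface = m.groups()
            last = (int(rule), (proto, src, dst, direction, iface))
            hits[last] += 1
        elif r and last is not None:
            hits[last] += int(r.group(1))
        else:
            last = None  # unrelated line: a later "repeated" is not ours
    return hits


def missing_at_layer3(hits, l2_rule=100, l3_rule=200):
    """Flows accepted by the layer2 rule that never hit the layer3 rule."""
    l3_flows = {flow for (rule, flow) in hits if rule == l3_rule}
    return {flow: n for (rule, flow), n in hits.items()
            if rule == l2_rule and flow not in l3_flows}


if __name__ == "__main__":
    for flow, count in missing_at_layer3(tally(SAMPLE_LOG)).items():
        print(f"{count} packet(s) seen at layer2 only: {' '.join(flow)}")
```

With net.inet.ip.fw.verbose_limit set to 50, each rule stops logging after 50 entries, so a flow missing from the layer3 rule's log is only meaningful while that cap has not been reached.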


