ipfw2 and fwd in Darwin
- Subject: ipfw2 and fwd in Darwin
- From: Giuliano Gavazzi <email@hidden>
- Date: Mon, 13 Oct 2008 01:05:05 +0200
Hello,
Back in 10.3.9, given this scenario:
Server with two aliases on en1: ALIAS_DEFAULT is a public address and
is on the same logical network as the default gateway, ALIAS_BACKUP is
a private address and is on the same logical network as a natting adsl
router (GW_IP). It is irrelevant here that one is a public address and
the other is a private one. What matters is that by setting the simple
rule:
ipfw add fwd GW_IP ip from ALIAS_BACKUP
would forward packets that have source ALIAS_BACKUP to the natting
gateway.
[please also ignore that I called this a BACKUP, the firewall rules I
use actually decide which router to use according to the type of
traffic]
Well, in Darwin Kernel Version 9.5.0 (10.5.5, but it also seemed not
to work in 10.4.x), the packets processed by the rule never appear on
the en1 interface. For example if I do
telnet -s ALIAS_BACKUP www.apple.com 80
a tcpdump -i en1 does not show any packets. The firewall rule is
called, but it seems to not have any effect. The result of the telnet
command is "Connection refused", that is, a TCP reset has been received,
but I can see this RST only in tcpdump -i lo0, as if it came from
the target address, while the target address never sees the packet.
Any ideas?
[I know there might be other problems in ipfw2 as I can manage to
consistently panic with:
panic(cpu 0 caller 0x00153E50): "-- unknown opcode 116\n"@/SourceCache/xnu/xnu-1228.7.58/bsd/netinet/ip_fw2.c:2163
but that is the subject for a bug report I just submitted]
Giuliano
Darwin-dev mailing list (email@hidden)
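The source-based forwarding setup described in the post, written out as a complete ipfw ruleset together with the checks used to tell whether the fwd rule takes effect. This is an added example, not code from the post or from Darwin; the addresses, the interface name and the rule numbers are constructed placeholders, and it assumes Darwin's ipfw2 accepts the standard ipfw2 body syntax (`out via <iface>`, `check-state`). The functions only emit the commands as text so they can be reviewed before being piped to sh on a live host.

```shell
#!/bin/sh
# Added example (not from the original post): emit an ipfw ruleset that
# steers locally originated traffic to a second router by source address,
# plus the commands used to verify whether the fwd rule actually works.
# All addresses below are constructed placeholders.

IFACE="en1"
ALIAS_DEFAULT="203.0.113.10"   # constructed: public alias on the default gateway's network
ALIAS_BACKUP="192.168.1.10"    # constructed: private alias on the NAT router's network
GW_IP="192.168.1.1"            # constructed: NAT router (next hop for ALIAS_BACKUP traffic)

# gen_rules IFACE BACKUP_ALIAS GATEWAY
# Prints the ipfw commands in evaluation order: loopback is left alone,
# then packets sourced from the backup alias are handed to the NAT router
# on their way out of the interface, and everything else passes unchanged.
gen_rules() {
    iface="$1"; backup="$2"; gw="$3"
    cat <<EOF
ipfw add 100 allow ip from any to any via lo0
ipfw add 200 fwd ${gw} ip from ${backup} to any out via ${iface}
ipfw add 65000 allow ip from any to any
EOF
}

# gen_checks IFACE BACKUP_ALIAS
# Prints the diagnostic commands: rule hit counters (does the fwd rule
# match at all?), the egress interface (does the packet leave the box?),
# and loopback (is a RST being generated locally instead?).
gen_checks() {
    iface="$1"; backup="$2"
    cat <<EOF
ipfw -a show
tcpdump -n -i ${iface} src host ${backup}
tcpdump -n -i lo0 'tcp[tcpflags] & tcp-rst != 0'
EOF
}

# fwd_rule_count IFACE BACKUP_ALIAS GATEWAY
# Returns how many fwd rules the generated set contains (used as a sanity
# check that the ruleset actually carries the forwarding rule).
fwd_rule_count() {
    gen_rules "$@" | grep -c "^ipfw add [0-9]* fwd "
}

# Review, then apply with:  gen_rules "$IFACE" "$ALIAS_BACKUP" "$GW_IP" | sh
gen_rules "$IFACE" "$ALIAS_BACKUP" "$GW_IP"
gen_checks "$IFACE" "$ALIAS_BACKUP"
```

If `ipfw -a show` reports a non-zero counter on the fwd rule while the egress capture stays empty and the loopback capture shows a RST, the rule is matching but the forwarded packet is not reaching the interface, which is the symptom the post describes.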