ipfw2 and fwd in Darwin
Delivered-To: darwin-dev@lists.apple.com

Hello,

back in 10.3.9, given this scenario:

Server with two aliases on en1: ALIAS_DEFAULT is a public address and is on the same logical network as the default gateway, ALIAS_BACKUP is a private address and is on the same logical network as a natting ADSL router (GW_IP). It is irrelevant here that one is a public address and the other is a private one. What matters is that by setting the simple rule:

ipfw add fwd GW_IP ip from ALIAS_BACKUP

would forward packets that have source ALIAS_BACKUP to the natting gateway. [Please also ignore that I called this a BACKUP; the firewall rules I use actually decide which router to use according to the type of traffic.]

Well, in Darwin Kernel Version 9.5.0 (10.5.5, but it also seemed not to work in 10.4.x), the packets processed by the rule never appear on the en1 interface. For example, if I do

telnet -s ALIAS_BACKUP www.apple.com 80

a tcpdump -i en1 does not show any packets. The firewall rule is called but it seems to not have any effect. The result of the telnet command is Connection refused, that is, a TCP reset has been received, but I can see this RST only in the tcpdump -i lo0, as if it came from the target address, while the target address never sees the packet.

Any ideas?

[I know there might be other problems in ipfw2, as I can manage to consistently panic with:

panic(cpu 0 caller 0x00153E50): "-- unknown opcode 116\n"@/SourceCache/xnu/xnu-1228.7.58/bsd/netinet/ip_fw2.c:2163

but that is the subject for a bug report I just submitted.]

Giuliano
participants (1)
-
Giuliano Gavazzi
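The post says the rule "is called" but the forwarded packet never reaches en1 and an RST turns up on lo0. The script below is an added diagnostic for reproducing that observation, not code from Giuliano's post or from Apple: it installs the post's fwd rule (with "to any" appended, as ipfw2 syntax expects, and a rule number of 100 chosen here), reads the per-rule packet counter from "ipfw -a list" before and after one telnet -s probe, and captures en1 and lo0 at the same time. The addresses, the rule number and the sample counter output are constructed for illustration; the counter column layout (rule number, packets, bytes, then the rule text) is the ipfw2 "show" format and is assumed to hold on Darwin. Only the counter parser runs offline; the live trace needs root and a system that still ships ipfw.

```shell
#!/bin/sh
# Added diagnostic for the ipfw2 fwd problem in the post above.  Not from the
# post or from Apple; addresses and rule number are made up for illustration.

ALIAS_BACKUP="10.0.0.5"   # constructed: private alias on en1 (post's ALIAS_BACKUP)
GW_IP="10.0.0.1"          # constructed: NAT router on that subnet (post's GW_IP)
TARGET="17.0.0.1"         # constructed stand-in for www.apple.com
RULE=100                  # constructed rule number

# Install the rule from the post (needs root; "to any" added for ipfw2 syntax).
install_fwd_rule() {
    ipfw add "$RULE" fwd "$GW_IP" ip from "$ALIAS_BACKUP" to any
}

# Read "ipfw -a list" output on stdin and print the packet counter of the fwd
# rule with the given number.  Exit status 1 if no fwd rule has that number.
# A counter that rises while nothing appears on en1 separates "rule never
# consulted" from "rule fires, packet vanishes afterwards".
fwd_rule_hits() {
    awk -v r="$1" '
        $1 + 0 == r + 0 && $4 == "fwd" { print $2; found = 1; exit }
        END { exit (found ? 0 : 1) }'
}

# One connection attempt, end to end: counter before, the telnet -s probe from
# the post, counter after, with tcpdump watching both places the post names
# (en1, where the packet should leave; lo0, where the RST was seen).
trace_attempt() {
    before=$(ipfw -a list | fwd_rule_hits "$RULE")
    tcpdump -n -i en1 -c 5 -w /tmp/en1.pcap "src host $ALIAS_BACKUP" &
    p_en1=$!
    tcpdump -n -i lo0 -c 5 -w /tmp/lo0.pcap "tcp[tcpflags] & tcp-rst != 0" &
    p_lo0=$!
    sleep 1
    telnet -s "$ALIAS_BACKUP" "$TARGET" 80 < /dev/null
    sleep 1
    kill "$p_en1" "$p_lo0" 2>/dev/null
    after=$(ipfw -a list | fwd_rule_hits "$RULE")
    echo "fwd rule $RULE packet counter: $before -> $after"
    echo "packets from $ALIAS_BACKUP on en1: $(tcpdump -n -r /tmp/en1.pcap 2>/dev/null | wc -l)"
    echo "RST segments seen on lo0:         $(tcpdump -n -r /tmp/lo0.pcap 2>/dev/null | wc -l)"
}

# Constructed sample of "ipfw -a list" output so the parser runs without ipfw.
SAMPLE_IPFW_LIST='00100      7      420 fwd 10.0.0.1 ip from 10.0.0.5 to any
00200      0        0 allow tcp from any to any established
65535  31337 12345678 allow ip from any to any'

if [ "$1" = "--trace" ]; then
    trace_attempt
else
    printf '%s\n' "$SAMPLE_IPFW_LIST" | fwd_rule_hits "$RULE"   # prints 7
fi
```

Run it as root with --trace on the affected host after install_fwd_rule; without arguments it only exercises the counter parser on the constructed sample. If the counter climbs by one per probe while /tmp/en1.pcap stays empty and /tmp/lo0.pcap holds the RST, you have reproduced exactly what the post describes.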