Subject: kern/25332: IP Filter 4.1.1 "fastroute" doesn't throw packet to different interface correctly
To: None <gnats-bugs@gnats.NetBSD.org>
From: None <firstname.lastname@example.org>
Date: 04/27/2004 00:05:48
>Synopsis: "fastroute(to)" in ipf.conf doesn't work
>Arrival-Date: Mon Apr 26 15:06:00 UTC 2004
>Originator: HIROSE yuuji
>Release: NetBSD 2.0E
% ldd =ipf
-lkvm.5 => /usr/lib/libkvm.so.5
-lc.12 => /usr/lib/libc.so.12
% ident =ipf
$NetBSD: crt0.c,v 1.13 2003/07/26 19:24:27 salo Exp $
$NetBSD: skeleton.c,v 1.25 2003/08/07 11:17:54 agc Exp $
System: NetBSD tmax.yk.gentei.org 2.0E NetBSD 2.0E (TMAX) #20: Sun Apr 25 23:17:34 JST 2004 email@example.com:/sys/arch/i386/compile/TMAX i386
It doesn't seem that ipf-v4 works well with fastroute.
On a NetBSD box which has two network interfaces:
+--- fxp0 ---+
| NetBSD box |
+--- aue0 ---+
where the default route of the NetBSD box is default-router.
After upgrading to ipf-v4, my NetBSD box can't throw packets to
backup-router with the ipf.conf fastrouting line:
pass out on fxp0 to aue0:10.0.2.60 from 10.0.2.50 to any
which formerly threw packets to backup-router with the older ipf.
I checked the link-level header with `tcpdump -e -i aue0' and
found that ipf-v4's fastroute throws the matching packets to
aue0:10.0.2.60 with the MAC address of default-router beyond fxp0. This
should be the MAC address of backup-router beyond aue0, I think.
(According to the figure above)
After setting up TCP port forwarding from backup-router to the NetBSD box's
secondary interface (aue0), for example forwarding tcp/25 to 10.0.2.50,
try to connect from outside:
outside% telnet Global-Address-2 25
No answer from the NetBSD box with ipf-v4.
Previously (ipf-v3.4.29), we got the SMTP greeting message from the inner NetBSD box.
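
The link-level check the report performs with `tcpdump -e -i aue0`, automated as an added example that is not part of the original report: it flags frames sent from 10.0.2.50 whose destination MAC is not the expected next hop's. The function name `check_nexthop_mac`, the MAC addresses, the outside host 192.0.2.10 and the modern tcpdump line layout are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the report. Assumes tcpdump -e -n lines shaped like
#   TIME SRCMAC > DSTMAC, ethertype ..., length N: SRCIP.PORT > DSTIP.PORT: ...

# usage: tcpdump -c 100 -e -n -i aue0 | check_nexthop_mac SRC_IP EXPECTED_MAC
# Prints frames sent by SRC_IP whose link-level destination is not
# EXPECTED_MAC, then a summary line; returns 1 if any frame was wrong.
check_nexthop_mac() {
    awk -v src="$1" -v want="$2" '
    # Lower-case and zero-pad octets so 0:0:5e:0:53:1 equals 00:00:5e:00:53:01.
    function norm(mac,    n, i, p, out) {
        n = split(tolower(mac), p, ":")
        out = ""
        for (i = 1; i <= n; i++)
            out = out (i > 1 ? ":" : "") (length(p[i]) < 2 ? "0" p[i] : p[i])
        return out
    }
    $3 == ">" {
        dst = $4
        sub(/,$/, "", dst)
        # The second ">" separates the IP endpoints; the field before it is
        # the IP source, either "a.b.c.d.port" or a bare "a.b.c.d".
        for (i = 5; i <= NF; i++)
            if ($i == ">") break
        if (i > NF) next
        ipsrc = $(i - 1)
        if (ipsrc != src && index(ipsrc, src ".") != 1) next
        checked++
        if (norm(dst) != norm(want)) {
            wrong++
            print "WRONG-MAC dst=" norm(dst) " " $0
        }
    }
    END { printf "checked=%d wrong=%d\n", checked, wrong; exit (wrong > 0) }
    '
}

# Constructed capture on aue0. MACs are documentation values (00:00:5e:00:53:xx):
# :50 = NetBSD box, :60 = backup-router, :01 = default-router. 192.0.2.10 = outside host.
SAMPLE_CAPTURE='12:00:00.000001 00:00:5e:00:53:60 > 00:00:5e:00:53:50, ethertype IPv4 (0x0800), length 74: 192.0.2.10.40000 > 10.0.2.50.25: Flags [S], length 0
12:00:00.000002 00:00:5e:00:53:50 > 00:00:5e:00:53:01, ethertype IPv4 (0x0800), length 74: 10.0.2.50.25 > 192.0.2.10.40000: Flags [S.], length 0
12:00:01.000002 0:0:5e:0:53:50 > 0:0:5e:0:53:1, ethertype IPv4 (0x0800), length 74: 10.0.2.50.25 > 192.0.2.10.40000: Flags [S.], length 0
12:00:02.000001 00:00:5e:00:53:50 > 00:00:5e:00:53:60, ethertype IPv4 (0x0800), length 74: 10.0.2.50.25 > 192.0.2.10.40001: Flags [S.], length 0'

printf '%s\n' "$SAMPLE_CAPTURE" | check_nexthop_mac 10.0.2.50 00:00:5e:00:53:60 ||
    echo "fastroute frames left aue0 with the wrong link-level destination"
```

On a live system the expected MAC is the next hop's ARP entry (for example from `arp -n 10.0.2.60`), and the capture must be bounded with `-c` so the summary line is printed.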