Subject: kern/25332: IP Filter 4.1.1 "fastroute" doesn't throw packet to different interface correctly
List: netbsd-bugs
Date: 04/27/2004 00:05:48
>Number:         25332
>Category:       kern
>Synopsis:       "fastroute(to)" in ipf.conf doesn't work
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Mon Apr 26 15:06:00 UTC 2004
>Originator:     HIROSE yuuji
>Release:        NetBSD 2.0E
% ldd =ipf
         -lkvm.5 => /usr/lib/
         -lc.12 => /usr/lib/
% ident =ipf
     $NetBSD: crt0.c,v 1.13 2003/07/26 19:24:27 salo Exp $
     $NetBSD: skeleton.c,v 1.25 2003/08/07 11:17:54 agc Exp $

System: NetBSD 2.0E NetBSD 2.0E (TMAX) #20: Sun Apr 25 23:17:34 JST 2004 i386
Architecture: i386
Machine: i386
It doesn't seem that ipf-v4 works well with fastroute.

On a NetBSD box which has two network interfaces:

+--- fxp0 ---+
|            |
| NetBSD box |
|            |
+--- aue0 ---+

where the default route of the NetBSD box is default-router.

After upgrading to ipf-v4, my NetBSD box can't throw packets to
backup-router with the ipf.conf fastrouting line:

	pass out on fxp0 to aue0: from to any

which formerly threw packets to backup-router with the older ipf.

I checked the link-level header with `tcpdump -e -i aue0' and
found that ipf-v4's fastroute throws the matching packets to
aue0: with the MAC address of default-router beyond fxp0.  This
should be the MAC address of backup-router beyond aue0, I think.


(According to the figure above)
After setting up TCP port forwarding from backup-router to the NetBSD box's
secondary interface (aue0); forward tcp/25 to for example.

Trying to connect from outside.

outside% telnet Global-Address-2 25

No answer from the NetBSD box with ipf-v4.
Previously (ipf-v3.4.29), we got the SMTP greeting message from the inner NetBSD box.
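
The link-level check described in the report (destination MAC seen on aue0 versus the MAC of the intended next hop) can be automated. The following is an added example, not part of the original report or of IP Filter. It assumes the line layout printed by current `tcpdump -e`, and every MAC and IP address in it is constructed.

```python
import re

# Assumed line layout (current `tcpdump -e`):
#   "<time> <src MAC> > <dst MAC>, ethertype IPv4 (0x0800), length N: ..."
MAC = r"(?:[0-9a-f]{1,2}:){5}[0-9a-f]{1,2}"
FRAME_RE = re.compile(
    rf"^\S+\s+(?P<src>{MAC})\s+>\s+(?P<dst>{MAC}),\s+ethertype\s+IPv4\b",
    re.IGNORECASE,
)

def norm_mac(mac):
    """Normalise a MAC so '0:a:..' and '00:0A:..' compare equal."""
    return ":".join(f"{int(octet, 16):02x}" for octet in mac.split(":"))

def misrouted_frames(lines, local_mac, expected_gw_mac):
    """Return (line_no, dst_mac) for IPv4 frames sent by local_mac whose
    destination MAC is not the expected next hop on the captured interface."""
    local, expected = norm_mac(local_mac), norm_mac(expected_gw_mac)
    bad = []
    for no, line in enumerate(lines, 1):
        m = FRAME_RE.match(line.strip())
        if not m:
            continue  # ARP, continuation lines, anything that is not IPv4
        src, dst = norm_mac(m["src"]), norm_mac(m["dst"])
        if src != local:
            continue  # inbound frame; only outbound frames show the symptom
        if dst == expected or int(dst[:2], 16) & 1:
            continue  # correct next hop, or broadcast/multicast
        bad.append((no, dst))
    return bad

# Constructed sample capture on aue0 (all addresses are made up):
LOCAL_AUE0 = "02:00:00:00:00:01"      # the box's own aue0 MAC
BACKUP_ROUTER = "02:00:00:00:00:aa"   # next hop that fastroute should use
SAMPLE = [
    "12:00:01.000100 02:00:00:00:00:aa > 02:00:00:00:00:01, ethertype IPv4 (0x0800), "
    "length 74: 203.0.113.9.51234 > 192.0.2.25.25: Flags [S], length 0",
    "12:00:01.000200 02:00:00:00:00:01 > 02:00:00:00:00:dd, ethertype IPv4 (0x0800), "
    "length 74: 192.0.2.25.25 > 203.0.113.9.51234: Flags [S.], length 0",
    "12:00:02.000300 2:0:0:0:0:1 > 2:0:0:0:0:aa, ethertype IPv4 (0x0800), "
    "length 74: 192.0.2.25.25 > 203.0.113.9.51234: Flags [S.], length 0",
    "12:00:03.000400 02:00:00:00:00:01 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), "
    "length 42: Request who-has 192.0.2.1 tell 192.0.2.25, length 28",
]

if __name__ == "__main__":
    for no, dst in misrouted_frames(SAMPLE, LOCAL_AUE0, BACKUP_ROUTER):
        print(f"line {no}: frame left aue0 addressed to {dst}, not backup-router")
```
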