Bug 212170 - ipfw fwd does not works if defaultgateway is not assigned
Status: Closed Not A Bug
Alias: None
Product: Base System
Classification: Unclassified
Component: kern
Version: 11.0-RC1
Hardware: Any Any
Importance: --- Affects Only Me
Assignee: freebsd-ipfw (Nobody)
Reported: 2016-08-26 06:32 UTC by doorsfan
Modified: 2021-05-10 07:59 UTC
Description doorsfan 2016-08-26 06:32:40 UTC
Google did not help me.
Easy to repeat:
2 gateways:

1. rl0=1.2.3.2/30, gateway 1.2.3.1
2. rl1 PPPoE (/usr/sbin/ppp) tun0 5.6.7.8 --> 9.10.11.12  netmask 0xffffffff

2 rules:
fwd 9.10.11.12 ip from 5.6.7.8 to not 192.168.0.0/16 out
fwd 1.2.3.1 ip from 1.2.3.2 to not 192.168.0.0/16 out

script:
gwvo=$(/sbin/ifconfig | grep "inet 5.6.7.8" | awk '{print $4}')
usually gives me '9.10.11.12'

If the PPPoE provider had been down before the router booted, then
${gwvo} took on an empty value
and
/sbin/route change default ${gwvo}
results in the default route being absent
and
ping -S 1.2.3.2 8.8.8.8
answers me "no route to host"
and
fwd 1.2.3.1 ip from 1.2.3.2 to not 192.168.0.0/16 out
stops forwarding (and counting) packets
Comment 1 Andrey V. Elsukov freebsd_committer freebsd_triage 2016-08-28 13:53:13 UTC
If the ipfw rule's counter didn't increase, this means the packet didn't match the rule. Since you don't have a gateway, the system couldn't determine the outbound interface. So the "out" opcode in the rule is the reason why it didn't match.
Comment 2 Andrey V. Elsukov freebsd_committer freebsd_triage 2016-08-28 14:01:43 UTC
Also, it is possible that the packet didn't reach ipfw and was dropped before pfil processing. You need to enable verbose logging in the rules to see what happens. Also look at the `netstat -sp ip | grep discard` counter.
Comment 3 doorsfan 2016-08-29 20:23:27 UTC
Thank you for the answer!
netstat -sp ip | grep discard
is incrementing while pinging without a default gateway.

I opened a thread: https://forums.freebsd.org/threads/57456/

I understood that the router must try to route the packet through any interface (even one with status "no carrier", as in the experiment described in the forum), and only in that case does ipfw fwd external_ip begin to work.
"The reason it probably works with a "fake" gateway is because it's sending a bunch of ICMP redirects, directing it to the proper gateway."
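An added example, not part of the bug thread or of FreeBSD itself: a guard for the report's gateway-detection script so that `route change default` never receives an empty `${gwvo}` and a default route always exists for the output path. Falling back to the rl0 gateway 1.2.3.1 is an assumed policy; the function names and the sample ifconfig text are constructed for illustration.

```sh
#!/bin/sh
# Added example. Addresses come from the bug report; the fallback policy,
# function names and sample ifconfig text are assumptions/constructed.

PPP_LOCAL="5.6.7.8"     # local tun0 address from the report
FALLBACK_GW="1.2.3.1"   # rl0 gateway from the report, used when tun0 is down

# Print the PPP peer of local address $1 from ifconfig text on stdin.
# Matches whole fields, so "5.6.7.8" cannot match "5.6.7.80" the way
# grep "inet 5.6.7.8" would. Returns 1 and prints nothing if no peer exists.
ppp_peer() {
    awk -v ip="$1" '
        $1 == "inet" && $2 == ip && $3 == "-->" && $4 != "" {
            print $4; found = 1; exit
        }
        END { exit (found ? 0 : 1) }
    '
}

# Choose a default gateway: the PPP peer when tun0 is up, else the fallback.
# Per comment 1, without any gateway the system cannot determine the outbound
# interface, so rules using the "out" opcode never match.
choose_default_gw() {
    gw=$(ppp_peer "$PPP_LOCAL") || gw=""
    if [ -z "$gw" ]; then
        gw="$FALLBACK_GW"
    fi
    printf '%s\n' "$gw"
}

# Constructed sample input: tun0 up, and tun0 absent (provider down at boot).
SAMPLE_UP='tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1492
	inet 5.6.7.8 --> 9.10.11.12 netmask 0xffffffff'
SAMPLE_DOWN='rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	inet 1.2.3.2 netmask 0xfffffffc broadcast 1.2.3.3'

# Demo on the constructed samples.
printf '%s\n' "$SAMPLE_UP"   | choose_default_gw
printf '%s\n' "$SAMPLE_DOWN" | choose_default_gw

# On the router itself (not run here):
#   gw=$(/sbin/ifconfig | choose_default_gw)
#   /sbin/route change default "$gw" || /sbin/route add default "$gw"
```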