Bug 266439 - ipfw fwd stopped working after upgrade from 12.2 to 13.1-p2
Summary: ipfw fwd stopped working after upgrade from 12.2 to 13.1-p2
Status: Closed DUPLICATE of bug 256828
Alias: None
Product: Base System
Classification: Unclassified
Component: kern (show other bugs)
Version: 13.1-RELEASE
Hardware: amd64 Any
: --- Affects Some People
Assignee: freebsd-ipfw (Nobody)
URL:
Keywords: ipfilter, regression
Depends on:
Blocks:
 
Reported: 2022-09-16 07:30 UTC by dol
Modified: 2023-07-16 06:41 UTC (History)
5 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description dol 2022-09-16 07:30:09 UTC 
13.1-p2 host with 2 internet links
em0  - main link (defroute) IP1
fxp0 - backup link  IP2 --> GW2

forward outgoing backup link traffic to backup GW2
# ipfw show
00040      268       20183 fwd GW2.GW2.GW2.GW2 ip from IP2.IP2.IP2.IP2 to any out via em0
00050    10695     2271177 allow ip from any to any

Ping external host from IP2 source address
# ping -S IP2.IP2.IP2.IP2 93.180.xxx.xxx
PING 93.180.xxx.xxx (93.180.xxx.xxx) from IP2.IP2.IP2.IP2: 56 data bytes
^C
62 packets transmitted, 0 packets received, 100.0% packet loss

All traffic flow via default routing interface
# tcpdump -ni em0 host 93.180.xxx.xxx
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on em0, link-type EN10MB (Ethernet), capture size 262144 bytes
02:17:49.323610 IP IP2.IP2.IP2.IP2 > 93.180.xxx.xxx: ICMP echo request, id 2079, seq 8, length 64
02:17:50.324601 IP IP2.IP2.IP2.IP2 > 93.180.xxx.xxx: ICMP echo request, id 2079, seq 9, length 64

PS: Secont test
If I ping host from external IP to IP2 icmp packet return from main link
Comment 1 Aurélien Méré 2022-10-02 10:42:57 UTC 
Hi
I encounter the same issue after upgrading from 12.3 to 13.0-p11 or 13.1-p2.

Outgoing packets go through default route instead of IP specified by fwd rule.
Thanks
Comment 2 Yuri 2022-10-28 13:07:24 UTC 
Hi
I have the same problem.
IPFW FWD rule stopped working after update from 12 to 13.1.
And I thought I was the only one with this problem.
Perhaps this is a bug in FreeBSD 13.1
Comment 3 Eugene 2023-02-15 12:15:02 UTC 
13.1-p5
the same problem - ipfw fwd stop working

patch from bug #256828 helped to resolve issue
Comment 4 fullermd 2023-03-08 00:56:04 UTC 
(just for information to save other people digging)

As bug 256828 says, this was fixed in 17c9c2049004038ed6f2dc23a64cb9f74411ec52 in stable/13 (2022-04-18).  However, checking `git merge-base stable/13 releng/13.1` shows 8824cbace389c440394bb9ea6c127d0f8f85538b (2022-03-09) as the branch point, so it landed in stable/13 too late to automatically be in 13.1, and it wasn't merged over to the releng branch (e.g, check the sys/netinet/ip_output.c log in releng/13.1; there weren't any chances since 2022-02).

So going purely by that, it's not expected to be fixed in 13.1, but will be in 13.2.
Comment 5 Aurélien Méré 2023-04-16 10:06:43 UTC 
Hi
I confirm that it's working again for me in 13.2-RELEASE.
Thanks
Comment 6 Eugene Grosbein freebsd_committer freebsd_triage 2023-07-16 06:39:54 UTC 
Fixed in 13.2-RELEASE.
Comment 7 Eugene Grosbein freebsd_committer freebsd_triage 2023-07-16 06:41:50 UTC 
Fixed in 13.2-RELEASE

*** This bug has been marked as a duplicate of bug 256828 ***