NAT broken in -CURRENT

From: Joe Marcus Clarke <marcus_at_FreeBSD.org>
Date: Sat, 26 Dec 2009 15:25:38 -0500
First, let me apologize for the lack of details.  The NAT box is
currently unreachable due to this problem.  I will gather more details
when I get into work, but perhaps there is something obvious I am
missing.

I updated my -CURRENT box yesterday.  After a reboot, NAT no longer
works.  That is, if I have natd running with ipfw diverting packets to
it, the box is a big black hole.  No packets leave.  I do see all
packets being diverted to natd, but nothing leaves the box.  I have had
ipfw and divert compiled into the kernel for years on that box:

options	IPFIREWALL
options	IPDIVERT

Combined with an "open" firewall (i.e. firewall_type is "open"), and the
following natd options in /etc/rc.conf, NAT always worked:

natd_enable="YES"
natd_interface="172.18.254.236"
natd_flags="-s -m -skinny_port 2000"

(172.18.254.236 is the IPv4 address on the em0 interface on this box.  I
also have IPv6 configured on this box.)

I have a feeling the new ipfw code merged ~ 11 days ago is the cause of
the problem.  Thinking that perhaps the new modularity is causing this
problem, I also added the following two options to my kernel:

options	IPFIREWALL_NAT
options	LIBALIAS

They did not help.  I have not tried using a purely modular ipfw/NAT
combination, but I will attempt that later today.  I didn't see anything
obvious in UPDATING.  Any suggestions, or any recommendations for
specific troubleshooting data to capture?  Thanks.

Joe

-- 
Joe Marcus Clarke
FreeBSD GNOME Team      ::      gnome_at_FreeBSD.org
FreeNode / #freebsd-gnome
http://www.FreeBSD.org/gnome

Received on Sat Dec 26 2009 - 19:25:42 UTC
