On Sat, 2009-12-26 at 22:21 +0100, Luigi Rizzo wrote:
> On Sat, Dec 26, 2009 at 03:25:38PM -0500, Joe Marcus Clarke wrote:
> ...
> > I updated my -CURRENT box yesterday. After a reboot, NAT no longer
> > works. That is, if I have natd running with ipfw diverting packets to
> > it, the box is a big black hole. No packets leave. I do see all
> ...
> > I have a feeling the new ipfw code merged ~ 11 days ago is the cause of
> > the problem. Thinking that perhaps the new modularity is causing this
> > problem, I also added the following two options to my kernel:
> >
> > options IPFIREWALL_NAT
> > options LIBALIAS
> >
> > They did not help. I have not tried using a purely modular ipfw/NAT
> > combination, but I will attempt that later today. I didn't see anything
> > obvious in UPDATING. Any suggestions, or any recommendations for
> > specific troubleshooting data to capture? Thanks.
>
> The changes were not expected to affect configuration or operation
> so clearly I must have broken something in the reinjection process.
> If you have a chance of looking at the ipfw counters (to see whether
> packets are reinjected and where they end up) that would be helpful.
> I'll try to run some tests here tomorrow or more likely on Monday.

As I recall, the divert line (rule 50) had a huge counter value (even
after a reboot), but the other rule (i.e. the permit any any rule) had
very few packets. I will gather some more concrete numbers later today.

Thanks for looking into it.

Joe

-- 
Joe Marcus Clarke
FreeBSD GNOME Team :: gnome_at_FreeBSD.org
FreeNode / #freebsd-gnome
http://www.FreeBSD.org/gnome
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:39:59 UTC