Date: Thu, 10 Jul 2003 13:57:33 -0600 (MDT)
From: Brett Glass
Message-Id: <200307101957.NAA01395@lariat.org>
To: questions@freebsd.org
Subject: Dead natd -> dead system

While working with a FreeBSD system this afternoon, I did something which killed natd (the NAT daemon), which was processing packets in the usual way via ipfw and a divert socket. The result? Network communications on the system simply went dead.

It seems to me that ipfw should be able to "self-heal" (that is, bypass the rule) or reinvoke a daemon that's attached to a divert socket. Otherwise, the process that's attached to the socket becomes an Achilles' heel for the whole system. Crash it for any reason, and the system's offline.

Ideas?

--Brett Glass