From: Denis Lemire
To: freebsd-questions@freebsd.org
Date: Mon, 13 Sep 2004 18:39:35 -0600
Subject: Re: NAT/DIVERT Issues in 5.2.1 Release
Message-ID: <32e9a1d04091317395faf7f06@mail.gmail.com>
In-Reply-To: <32e9a1d04091019577dc83b3d@mail.gmail.com>

I've downgraded back to 4.10 and my problems have disappeared. I'm not sure what has changed in the 5 series to cause these issues. A few observations I've made though: netstat -rn gives you a bunch of kvm_read error messages. Also the output of netstat -rn is completely corrupt (the netif, use, and expire columns show numerical garbage).
Also I've noticed that any firewall rule (in IPFW) which uses an interface in the rule takes no effect whatsoever, other rules work fine (hence why my divert rule which matched the external interface didn't take any effect (confirmed via the counters in ipfw show)). Not sure what's broken, I'll try again when the 5.x tree goes STABLE and see if my results vary. Until then the 4.x series should meet my needs. Thanks for the advice, especially the link to the rewritten firewall section of the handbook. I will look that over when I have more time to spare.