Date: Tue, 9 Apr 2002 00:00:05 -0700 (PDT)
From: "Crist J. Clark" <cjc@FreeBSD.org>
To: freebsd-bugs@FreeBSD.org
Subject: Re: kern/36895: natd does not function correctly when ipfw rules use check-state/keep-state
Message-ID: <200204090700.g39705l05540@freefall.freebsd.org>

The following reply was made to PR kern/36895; it has been noted by GNATS.

From: "Crist J. Clark" <cjc@FreeBSD.org>
To: Joe Barbish <barbish@a1poweruser.com>
Cc: freebsd-gnats-submit@FreeBSD.org
Subject: Re: kern/36895: natd does not function correctly when ipfw rules use check-state/keep-state
Date: Mon, 8 Apr 2002 23:59:16 -0700

On Mon, Apr 08, 2002 at 12:37:48PM -0700, Joe Barbish wrote:
[snip]
> I have an ipfw firewall rule set that exclusively uses the advanced
> stateful keep-state option. Rule set functions correctly (ie: dynamic
> rules get built) when I use the nat feature of user ppp.
>
> When I compile the ipdivert option
> into the kernel, enable the divert options in rc.conf, and add the
> divert rule to the ipfw rules, my ipfw firewall stops working. All the
> packets get rejected by the default deny everything rule at the end of
> the rule set. If I use stateless and simple stateful rules instead of
> advanced stateful rules then the divert rule works ok.
>
> Acts like the divert function packet handoff to natd has a problem when
> the new keep-state option is used.
> >How-To-Repeat:
> Build your own keep-state rule set and test.

They work fine for me. Your ruleset, rc.conf(5), ifconfig(8), and
'grep -i ipfw /var/run/dmesg.boot' please?
-- 
Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org