From owner-freebsd-ipfw@FreeBSD.ORG Wed Jul 14 02:08:40 2010 Return-Path: Delivered-To: freebsd-ipfw@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 619F41065676 for ; Wed, 14 Jul 2010 02:08:40 +0000 (UTC) (envelope-from candy-sendpr@kgc.co.jp) Received: from ns.kgc.co.jp (ns.kgc.co.jp [210.163.35.34]) by mx1.freebsd.org (Postfix) with SMTP id CC0738FC19 for ; Wed, 14 Jul 2010 02:08:39 +0000 (UTC) Received: (qmail 91070 invoked from network); 14 Jul 2010 10:41:57 +0900 Received: from unknown (HELO localhost) (172.30.2.3) by ika6.kgc.co.jp with SMTP; 14 Jul 2010 10:41:57 +0900 Date: Wed, 14 Jul 2010 10:41:57 +0900 (JST) Message-Id: <20100714.104157.59462157.candy@kgc.co.jp> To: bug-followup@FreeBSD.org, vnovy@vnovy.ne, freebsd-ipfw@FreeBSD.org From: candy-sendpr@kgc.co.jp X-Mailer: Mew version 5.2 on Emacs 21.3 / Mule 5.0 (SAKAKI) Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit Cc: candy-sendpr@kgc.co.jp Subject: Re: conf/148137: [ipfw] call order of natd and ipfw startup scripts X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 14 Jul 2010 02:08:40 -0000 Fix: Just copy 8.0-RELEASE version /etc/rc.d/ipfw script to your 8.1 box :-) It seems /etc/rc.d/ipfw 1.21.2.2's bug. It moved `/etc/rc.d/natd quietstart' sequence from ipfw_start() to ipfw_poststart(). Natd(8) must be started before ipfw(8) rules are proceeded. Should be in ipfw_prestart() or ipfw_start(). > From 8.0-RELEASE ipfw startup script doesn't call natd startup script. > Also there is no information about call order of ipfw a natd startup > script. On my system ipfw is called before natd. If ipdivert module is > not loaded using loader.conf, natd loads it, but ipfw running before fail > to install divert rules. KANDA Toshihiro