Date: Thu, 10 Jul 2003 16:56:12 -0400 (EDT)
From: Matthew Emmerton <matt@compar.com>
To: Brett Glass <brett@lariat.org>
Cc: questions@freebsd.org
Subject: Re: Dead natd -> dead system
Message-ID: <20030710165545.L32209-100000@skippyii.compar.com>
In-Reply-To: <200307101957.NAA01395@lariat.org>

On Thu, 10 Jul 2003, Brett Glass wrote:

> While working with a FreeBSD system this afternoon, I did something which killed
> natd (the NAT daemon), which was processing packets in the usual way via ipfw
> and a divert socket.
>
> The result? Network communications on the system simply went dead.
>
> It seems to me that ipfw should be able to "self-heal" (that is, bypass the
> rule) or reinvoke a daemon that's attached to a divert socket. Otherwise,
> the process that's attached to the socket becomes an Achilles' heel for
> the whole system. Crash it for any reason, and the system's offline.
>
> Ideas?

Use kernel-mode IPNAT instead of user-mode natd?

--
Matthew Emmerton Computer Partners IT Specialist
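
The two setups contrasted in this exchange, side by side, as an added example that is not part of the original messages. The interface name fxp0, the inside network 192.168.1.0/24 and rule number 50 are constructed values, and the second half assumes IPFilter is available in the kernel or as a module.

```conf
# --- Before: user-mode natd behind an ipfw divert rule ---
# /etc/rc.conf
gateway_enable="YES"
firewall_enable="YES"
natd_enable="YES"
natd_interface="fxp0"        # constructed outside interface name

# ipfw ruleset entry (rule number 50 is arbitrary):
#   ipfw add 50 divert natd ip from any to any via fxp0
# Every packet on fxp0 is handed to the socket natd holds on the
# "natd" divert port. If no process is bound to that port, divert(4)
# drops the packet, so a dead natd takes the interface down with it.

# --- After: kernel-mode NAT with IPFilter's ipnat ---
# /etc/rc.conf
gateway_enable="YES"
ipfilter_enable="YES"
ipnat_enable="YES"
ipnat_rules="/etc/ipnat.rules"

# /etc/ipnat.rules (192.168.1.0/24 is a constructed inside network)
# 0/32 means "the address currently assigned to fxp0".
map fxp0 192.168.1.0/24 -> 0/32 portmap tcp/udp auto
map fxp0 192.168.1.0/24 -> 0/32
# Remove the divert rule from the ipfw ruleset; translation now
# happens in the kernel and no user process sits in the packet path.
```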