Date: Thu, 10 Jul 2003 16:56:12 -0400 (EDT)
From: Matthew Emmerton
To: Brett Glass
cc: questions@freebsd.org
Subject: Re: Dead natd -> dead system

On Thu, 10 Jul 2003, Brett Glass wrote:

> While working with a FreeBSD system this afternoon, I did something which killed
> natd (the NAT daemon), which was processing packets in the usual way via ipfw
> and a divert socket.
>
> The result? Network communications on the system simply went dead.
>
> It seems to me that ipfw should be able to "self-heal" (that is, bypass the
> rule) or reinvoke a daemon that's attached to a divert socket. Otherwise,
> the process that's attached to the socket becomes an Achilles' heel for
> the whole system. Crash it for any reason, and the system's offline.
>
> Ideas?

Use kernel-mode IPNAT instead of user-mode natd?

--
Matthew Emmerton
Computer Partners IT Specialist
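
The two setups contrasted in this thread, as an added configuration example that is not part of the original messages: the natd/divert arrangement from the question beside a kernel-mode ipnat equivalent. The interface name fxp0, the 192.168.1.0/24 inside network, rule number 50, the port range and the file paths are assumptions.

```conf
# --- Setup A: user-mode natd behind an ipfw divert rule ---------------
# /etc/rc.conf
gateway_enable="YES"
firewall_enable="YES"
natd_enable="YES"
natd_interface="fxp0"        # assumed outside interface

# ipfw rule that hands every packet on fxp0 to the natd divert socket:
#   ipfw add 50 divert natd all from any to any via fxp0
#
# Failure mode from the question: a divert rule passes the packet to a
# userland socket. When natd is dead, nothing is bound to that socket,
# so every packet matching rule 50 is dropped and the box goes silent.

# --- Setup B: kernel-mode NAT with ipnat (part of IPFilter) -----------
# /etc/rc.conf
gateway_enable="YES"
ipfilter_enable="YES"        # ipnat runs on top of IPFilter
ipnat_enable="YES"
ipnat_rules="/etc/ipnat.rules"

# /etc/ipnat.rules
# Translate the inside network to the address of fxp0 (0/32), using an
# assumed source-port range for TCP and UDP, then a catch-all rule for
# other protocols such as ICMP.
map fxp0 192.168.1.0/24 -> 0/32 portmap tcp/udp 40000:60000
map fxp0 192.168.1.0/24 -> 0/32

# Reload the NAT rules after editing:
#   ipnat -CF -f /etc/ipnat.rules
#
# Translation happens inside the kernel, so there is no userland daemon
# in the packet path whose exit takes forwarding down with it.
```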