Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 27 Jan 2015 00:12:28 +0300
From:      Alexander V. Chernikov <melifaro@ipfw.ru>
To:        =?utf-8?B?T2xpdmllciBDb2NoYXJkLUxhYmLDqQ==?= <olivier@cochard.me>, John Baldwin <jhb@freebsd.org>
Cc:        svn-src-head <svn-src-head@freebsd.org>, svn-src-all <svn-src-all@freebsd.org>, src-committers <src-committers@freebsd.org>
Subject:   Re: svn commit: r277714 - head/sbin/ipfw
Message-ID:  <8791751422306748@web26g.yandex.ru>
In-Reply-To: <CA%2Bq%2BTcr1fNz70Y6%2B0NeWDLx2Bszk1B0M%2B4_Cv2uMayBsNc6pRQ@mail.gmail.com>
References:  <201501252037.t0PKbXNW070662@svn.freebsd.org> <CA%2Bq%2BTcr1fNz70Y6%2B0NeWDLx2Bszk1B0M%2B4_Cv2uMayBsNc6pRQ@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help 

   Â

   Â

   26.01.2015, 23:35, "Olivier Cochard-Labbé" <olivier@cochard.me>:

   On Sun, Jan 25, 2015 at 9:37 PM, John Baldwin <[1]jhb@freebsd.org>
   wrote:

     Author: jhb
     Date: Sun Jan 25 20:37:32 2015
     New Revision: 277714
     URL: [2]https://svnweb.freebsd.org/changeset/base/277714
     Log:
     Â  natd(8) will work with an unconfigured interface and effectively
     not do
       anything until the interface is assigned an address.  This fixes
     Â  ipfw_nat to do the same by using an IP of INADDR_ANY instead of
     Â  aborting the nat setup if the requested interface is not yet
     configured.
     Â

   Hi,
   I've still a problem with ipfw_nat and unconfigured interface:
   On my setup I'm using ipfw with NAT rules using an OpenVPN tunnel
   interface as source address for NATting.
   During the machine startup, ipfw is started before openvpn (hopefully)
   and its configuration mention do to NAT using tun0 IP address.
   Then OpenVPN start and create a tun0 and set an IP address on it.
   => But no unicast traffic is allowed on this tun0 interface until I
   restart ipfw.
   If I correctly understand the log of this commit: This behavior should
   be fixed by this commit, right ?

   As far as I understand, nat instance is created with an unresolved ip
   (0.0.0.0 propagated to libalias) and "tun0" interface name. After
   "tun0" creation and address assignment, kernel ipfw_nat ifaddr hook
   should take action and update libalias address to primary? IPv4
   interface address.

   Â

References

   1. mailto:jhb@freebsd.org
   2. https://svnweb.freebsd.org/changeset/base/277714

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?8791751422306748>