From owner-svn-src-head@FreeBSD.ORG  Mon Jan 26 21:24:58 2015
Return-Path: <owner-svn-src-head@FreeBSD.ORG>
Delivered-To: svn-src-head@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 8847A686;
 Mon, 26 Jan 2015 21:24:58 +0000 (UTC)
Received: from bigwig.baldwin.cx (bigwig.baldwin.cx [IPv6:2001:470:1f11:75::1])
 (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 5EE4694;
 Mon, 26 Jan 2015 21:24:58 +0000 (UTC)
Received: from ralph.baldwin.cx (pool-173-70-85-31.nwrknj.fios.verizon.net
 [173.70.85.31])
 by bigwig.baldwin.cx (Postfix) with ESMTPSA id B5227B93A;
 Mon, 26 Jan 2015 16:24:56 -0500 (EST)
From: John Baldwin <jhb@freebsd.org>
To: Olivier =?ISO-8859-1?Q?Cochard=2DLabb=E9?= <olivier@cochard.me>
Subject: Re: svn commit: r277714 - head/sbin/ipfw
Date: Mon, 26 Jan 2015 16:24:46 -0500
Message-ID: <2669297.0BvAQ4C19U@ralph.baldwin.cx>
User-Agent: KMail/4.14.2 (FreeBSD/10.1-STABLE; KDE/4.14.2; amd64; ; )
In-Reply-To: <CA+q+Tcr1fNz70Y6+0NeWDLx2Bszk1B0M+4_Cv2uMayBsNc6pRQ@mail.gmail.com>
References: <201501252037.t0PKbXNW070662@svn.freebsd.org>
 <CA+q+Tcr1fNz70Y6+0NeWDLx2Bszk1B0M+4_Cv2uMayBsNc6pRQ@mail.gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="iso-8859-1"
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.2.7
 (bigwig.baldwin.cx); Mon, 26 Jan 2015 16:24:56 -0500 (EST)
Cc: svn-src-head <svn-src-head@freebsd.org>,
 svn-src-all <svn-src-all@freebsd.org>,
 src-committers <src-committers@freebsd.org>
X-BeenThere: svn-src-head@freebsd.org
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: SVN commit messages for the src tree for head/-current
 <svn-src-head.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/svn-src-head>,
 <mailto:svn-src-head-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-head/>
List-Post: <mailto:svn-src-head@freebsd.org>
List-Help: <mailto:svn-src-head-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-head>,
 <mailto:svn-src-head-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Jan 2015 21:24:58 -0000

On Monday, January 26, 2015 09:34:39 PM Olivier Cochard-Labb=E9 wrote:
> On Sun, Jan 25, 2015 at 9:37 PM, John Baldwin <jhb@freebsd.org> wrote=
:
> > Author: jhb
> > Date: Sun Jan 25 20:37:32 2015
> > New Revision: 277714
> > URL: https://svnweb.freebsd.org/changeset/base/277714
> >=20
> > Log:
> >   natd(8) will work with an unconfigured interface and effectively =
not do
> >   anything until the interface is assigned an address.  This fixes
> >   ipfw_nat to do the same by using an IP of INADDR_ANY instead of
> >   aborting the nat setup if the requested interface is not yet conf=
igured.
>=20
> Hi,
>=20
> I've still a problem with ipfw_nat and unconfigured interface:
> On my setup I'm using ipfw with NAT rules using an OpenVPN tunnel int=
erface
> as source address for NATting.
>=20
> During the machine startup, ipfw is started before openvpn (hopefully=
) and
> its configuration mention do to NAT using tun0 IP address.
> Then OpenVPN start and create a tun0 and set an IP address on it.
> =3D> But no unicast traffic is allowed on this tun0 interface until I=
 restart
> ipfw.
>=20
> If I correctly understand the log of this commit: This behavior shoul=
d be
> fixed by this commit, right ?

It might.  What happened for me is that I was using nat over wlan0 for =
VM's
on my laptop to reach the outside world, but wlan0 doesn't get an IP un=
til
later in the boot after it associates.  As a result, wlan0 wasn't passi=
ng any
IP traffic until this fix (or if I reloaded ipfw after wlan0 was config=
ured).

--=20
John Baldwin