Date: Mon, 26 Jan 2015 22:50:37 +0100
From: Nick Hibma <nick@van-laarhoven.org>
To: Olivier Cochard-Labbé <olivier@cochard.me>
Cc: svn-src-head <svn-src-head@freebsd.org>, svn-src-all <svn-src-all@freebsd.org>, src-committers <src-committers@freebsd.org>, John Baldwin <jhb@freebsd.org>
Subject: Re: svn commit: r277714 - head/sbin/ipfw
Message-ID: <163C05D4-6893-47A2-B427-F482A59E8FE5@van-laarhoven.org>
In-Reply-To: <2669297.0BvAQ4C19U@ralph.baldwin.cx>
References: <201501252037.t0PKbXNW070662@svn.freebsd.org> <CA%2Bq%2BTcr1fNz70Y6%2B0NeWDLx2Bszk1B0M%2B4_Cv2uMayBsNc6pRQ@mail.gmail.com> <2669297.0BvAQ4C19U@ralph.baldwin.cx>

> On 26 Jan 2015, at 22:24, John Baldwin <jhb@freebsd.org> wrote:
>
> On Monday, January 26, 2015 09:34:39 PM Olivier Cochard-Labbé wrote:
>> On Sun, Jan 25, 2015 at 9:37 PM, John Baldwin <jhb@freebsd.org> wrote:
>>> Author: jhb
>>> Date: Sun Jan 25 20:37:32 2015
>>> New Revision: 277714
>>> URL: https://svnweb.freebsd.org/changeset/base/277714
>>>
>>> Log:
>>> natd(8) will work with an unconfigured interface and effectively not do
>>> anything until the interface is assigned an address. This fixes
>>> ipfw_nat to do the same by using an IP of INADDR_ANY instead of
>>> aborting the nat setup if the requested interface is not yet configured.
>>
>> Hi,
>>
>> I still have a problem with ipfw_nat and an unconfigured interface:
>> On my setup I'm using ipfw with NAT rules using an OpenVPN tunnel interface
>> as source address for NATting.
>>
>> During the machine startup, ipfw is started before openvpn (hopefully) and
>> its configuration mentions to do NAT using the tun0 IP address.
>> Then OpenVPN starts, creates a tun0 and sets an IP address on it.
>> => But no unicast traffic is allowed on this tun0 interface until I restart
>> ipfw.
>>
>> If I correctly understand the log of this commit: This behavior should be
>> fixed by this commit, right?
>
> It might. What happened for me is that I was using nat over wlan0 for VMs
> on my laptop to reach the outside world, but wlan0 doesn't get an IP until
> later in the boot after it associates. As a result, wlan0 wasn't passing any
> IP traffic until this fix (or if I reloaded ipfw after wlan0 was configured).

I don't think it does. The interface is not available until openvpn is
started. You need to clone the interface during boot by adding
cloned_interfaces='tun0' in your /etc/rc.conf. Initialisation is then done
later by openvpn.

Let me know if that works for you.

Nick