From: Marko Zec
To: freebsd-current@freebsd.org
Cc: Joe Marcus Clarke
Date: Wed, 17 Dec 2008 11:48:38 +0100
Subject: Re: NAT (ipfw/natd) broken in latest -CURRENT

On Wednesday 17 December 2008 10:34:54 Paolo Pisati wrote:
> Joe Marcus Clarke wrote:
> > I just upgraded my i386 -CURRENT box from November 14 to today, and
> > now my SSH-over-PPP VPN tunnel no longer works. I did some packet
> > captures, and it appears that NAT is no longer working. If I send
> > a telnet packet from my client side over the PPP tunnel, I see the
> > SYN go out on the server side network properly translated. The
> > destination host ACKs correctly, but the ACK never goes back across
> > the tunnel. It's as if natd is no longer translating the packet on
> > the inbound path. Besides the upgrade, nothing has changed in my
> > environment.
>
> lately some work has been done on the vimage and routing tree stuff,
> thus your best bet is to go back some days and try again.

Hi Joe,

could you try building your kernel with options VIMAGE_GLOBALS and tell
us whether this makes any difference - turning on VIMAGE_GLOBALS should
revert certain aspects of virtualization changes that recently got
merged into the tree.

Cheers,

Marko