From owner-svn-src-all@FreeBSD.ORG Mon Jan 26 20:35:08 2015 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 94418183; Mon, 26 Jan 2015 20:35:08 +0000 (UTC) Received: from mail-wi0-x229.google.com (mail-wi0-x229.google.com [IPv6:2a00:1450:400c:c05::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 38DE2A16; Mon, 26 Jan 2015 20:35:08 +0000 (UTC) Received: by mail-wi0-f169.google.com with SMTP id h11so6736203wiw.0; Mon, 26 Jan 2015 12:35:06 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc:content-type; bh=e1NVB8EZIuE8bGfsi5Bx4kvo9nYaO83fQE8EYV9VUjk=; b=lQetDhvcTnx3LL/3qTiuQfMNG5DV1RutdgOSLWMh3TBookuv1a89ueC9uPrVKN9ymo y8jN2uMg0YG3wF1XxSy5w/t6HxSUbQXvQpqIg6QOmIfhd/RW2LFofr28cRfBn+SZB8Od QhvmZogn/aHOPjGMi7ccANBy/bMYA54s/kuab7FCQmmq/mIC1asuuirlGIDluBGiJmYb nn6rVLkYmoCHX2ROItCM+8JeyaekhQgqYJ5alliRDpI34rmjOqJaSmPoNngCM3eEMYg2 oKG/qEeYa4r9HPWtYdXv12QW9fI9ue1QIylIaAKeThRxQd5LfeNT43buIt/dbPtw+bkc JOoA== X-Received: by 10.180.98.228 with SMTP id el4mr9670718wib.77.1422304499565; Mon, 26 Jan 2015 12:34:59 -0800 (PST) MIME-Version: 1.0 Sender: cochard@gmail.com Received: by 10.194.61.1 with HTTP; Mon, 26 Jan 2015 12:34:39 -0800 (PST) In-Reply-To: <201501252037.t0PKbXNW070662@svn.freebsd.org> References: <201501252037.t0PKbXNW070662@svn.freebsd.org> From: =?ISO-8859-1?Q?Olivier_Cochard=2DLabb=E9?= Date: Mon, 26 Jan 2015 21:34:39 +0100 X-Google-Sender-Auth: Gtw_LEU1M_RsXOeMEx6tLVy0u_w Message-ID: Subject: Re: svn commit: r277714 - head/sbin/ipfw To: John Baldwin Content-Type: text/plain; charset=ISO-8859-1 X-Content-Filtered-By: Mailman/MimeDel 2.1.18-1 Cc: svn-src-head , svn-src-all , src-committers X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 26 Jan 2015 20:35:08 -0000 On Sun, Jan 25, 2015 at 9:37 PM, John Baldwin wrote: > Author: jhb > Date: Sun Jan 25 20:37:32 2015 > New Revision: 277714 > URL: https://svnweb.freebsd.org/changeset/base/277714 > > Log: > natd(8) will work with an unconfigured interface and effectively not do > anything until the interface is assigned an address. This fixes > ipfw_nat to do the same by using an IP of INADDR_ANY instead of > aborting the nat setup if the requested interface is not yet configured. > > Hi, I've still a problem with ipfw_nat and unconfigured interface: On my setup I'm using ipfw with NAT rules using an OpenVPN tunnel interface as source address for NATting. During the machine startup, ipfw is started before openvpn (hopefully) and its configuration mention do to NAT using tun0 IP address. Then OpenVPN start and create a tun0 and set an IP address on it. => But no unicast traffic is allowed on this tun0 interface until I restart ipfw. If I correctly understand the log of this commit: This behavior should be fixed by this commit, right ?