From: Alexander V. Chernikov
To: Olivier Cochard-Labbé, John Baldwin
Cc: svn-src-head, svn-src-all, src-committers
Subject: Re: svn commit: r277714 - head/sbin/ipfw
Date: Tue, 27 Jan 2015 00:12:28 +0300
Message-Id: <8791751422306748@web26g.yandex.ru>

26.01.2015, 23:35, "Olivier Cochard-Labbé":
> On Sun, Jan 25, 2015 at 9:37 PM, John Baldwin <[1]jhb@freebsd.org> wrote:
>> Author: jhb
>> Date: Sun Jan 25 20:37:32 2015
>> New Revision: 277714
>> URL: [2]https://svnweb.freebsd.org/changeset/base/277714
>>
>> Log:
>>   natd(8) will work with an unconfigured interface and effectively not do
>>   anything until the interface is assigned an address. This fixes
>>   ipfw_nat to do the same by using an IP of INADDR_ANY instead of
>>   aborting the nat setup if the requested interface is not yet configured.
>
> Hi,
>
> I've still a problem with ipfw_nat and unconfigured interface:
> On my setup I'm using ipfw with NAT rules using an OpenVPN tunnel
> interface as source address for NATting.
> During the machine startup, ipfw is started before openvpn (hopefully)
> and its configuration mentions to do NAT using tun0 IP address.
> Then OpenVPN starts and creates a tun0 and sets an IP address on it.
> => But no unicast traffic is allowed on this tun0 interface until I
> restart ipfw.
>
> If I correctly understand the log of this commit: This behavior should
> be fixed by this commit, right?

As far as I understand, nat instance is created with an unresolved ip (0.0.0.0 propagated to libalias) and "tun0" interface name.
After "tun0" creation and address assignment, kernel ipfw_nat ifaddr hook should take action and update libalias address to primary? IPv4 interface address.

References

1. mailto:jhb@freebsd.org
2. https://svnweb.freebsd.org/changeset/base/277714
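
The fallback described in the commit log above, as an added example in C that is not the ipfw(8) source and not code from this thread: look up the first IPv4 address listed for the interface and use INADDR_ANY when the interface is missing or has no address yet. The function name nat_alias_addr and the use of getifaddrs(3) for the lookup are assumptions of this example; "tun0" is the interface name from the thread.

```c
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <ifaddrs.h>
#include <stdio.h>
#include <string.h>

/*
 * Added example (hypothetical helper, not from ipfw): return the first IPv4
 * address bound to ifname in an interface-address list. If the interface is
 * absent or has no IPv4 address yet, return INADDR_ANY (0.0.0.0) so the
 * caller can still create the NAT instance instead of aborting.
 */
struct in_addr
nat_alias_addr(const struct ifaddrs *list, const char *ifname)
{
	struct in_addr addr = { .s_addr = htonl(INADDR_ANY) };
	const struct ifaddrs *ifa;

	for (ifa = list; ifa != NULL; ifa = ifa->ifa_next) {
		if (ifa->ifa_addr == NULL || ifa->ifa_name == NULL)
			continue;	/* e.g. a tunnel created but not yet addressed */
		if (ifa->ifa_addr->sa_family != AF_INET || strcmp(ifa->ifa_name, ifname) != 0)
			continue;
		addr = ((const struct sockaddr_in *)(const void *)ifa->ifa_addr)->sin_addr;
		break;
	}
	return (addr);
}

int
main(int argc, char **argv)
{
	const char *ifname = argc > 1 ? argv[1] : "tun0";
	struct ifaddrs *list = NULL;
	char buf[INET_ADDRSTRLEN];
	struct in_addr a;

	if (getifaddrs(&list) != 0) {
		perror("getifaddrs");
		return (1);
	}
	a = nat_alias_addr(list, ifname);
	freeifaddrs(list);
	printf("%s -> %s\n", ifname, inet_ntop(AF_INET, &a, buf, sizeof(buf)));
	return (0);
}
```

A result of 0.0.0.0 here only means the address is unresolved at lookup time; something still has to replace it once the interface gets an address, which is the role the reply above attributes to the kernel ipfw_nat ifaddr hook.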