From: Nick Hibma
Date: Mon, 26 Jan 2015 22:50:37 +0100
Subject: Re: svn commit: r277714 - head/sbin/ipfw
To: Olivier Cochard-Labbé
Cc: svn-src-head, svn-src-all, src-committers, John Baldwin

> On 26 Jan 2015, at 22:24, John Baldwin wrote:
>
> On Monday, January 26, 2015 09:34:39 PM Olivier Cochard-Labbé wrote:
>> On Sun, Jan 25, 2015 at 9:37 PM, John Baldwin wrote:
>>> Author: jhb
>>> Date: Sun Jan 25 20:37:32 2015
>>> New Revision: 277714
>>> URL: https://svnweb.freebsd.org/changeset/base/277714
>>>
>>> Log:
>>>   natd(8) will work with an unconfigured interface and effectively not do
>>>   anything until the interface is assigned an address.  This fixes
>>>   ipfw_nat to do the same by using an IP of INADDR_ANY instead of
>>>   aborting the nat setup if the requested interface is not yet configured.
>>
>> Hi,
>>
>> I still have a problem with ipfw_nat and an unconfigured interface:
>> On my setup I'm using ipfw with NAT rules using an OpenVPN tunnel interface
>> as source address for NATting.
>>
>> During the machine startup, ipfw is started before openvpn (hopefully) and
>> its configuration mentions to do NAT using the tun0 IP address.
>> Then OpenVPN starts, creates a tun0 and sets an IP address on it.
>> => But no unicast traffic is allowed on this tun0 interface until I restart
>> ipfw.
>>
>> If I correctly understand the log of this commit: This behavior should be
>> fixed by this commit, right?
>
> It might.  What happened for me is that I was using nat over wlan0 for VMs
> on my laptop to reach the outside world, but wlan0 doesn't get an IP until
> later in the boot after it associates.  As a result, wlan0 wasn't passing any
> IP traffic until this fix (or if I reloaded ipfw after wlan0 was configured).

I don’t think it does. The interface is not available until openvpn is
started. You need to clone the interface during boot by adding

    cloned_interfaces='tun0'

in your /etc/rc.conf. Initialisation is then done later by openvpn.

Let me know if that works for you.

Nick
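
Added example, not part of the original message and not the code from r277714: a small C check that separates the two situations discussed in this thread, an interface that exists but has no IPv4 address yet (the wlan0 case) and one that does not exist at all (tun0 before OpenVPN starts), and falls back to INADDR_ANY in both. It assumes getifaddrs(3) for the lookup, since the page does not show how ipfw does it; the names lookup_if_addr and if_state are hypothetical.

```c
#include <arpa/inet.h>
#include <ifaddrs.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

enum if_state { IF_ERROR = -1, IF_MISSING, IF_NO_ADDR, IF_HAS_ADDR };

/*
 * Hypothetical helper: find the first IPv4 address on `ifname`.
 * *addr is always set: to that address when one exists, otherwise to
 * INADDR_ANY so the caller can carry on instead of aborting.
 */
enum if_state
lookup_if_addr(const char *ifname, struct in_addr *addr)
{
	struct ifaddrs *list, *ifa;
	enum if_state state = IF_MISSING;

	addr->s_addr = htonl(INADDR_ANY);
	if (getifaddrs(&list) != 0)
		return (IF_ERROR);
	for (ifa = list; ifa != NULL; ifa = ifa->ifa_next) {
		if (strcmp(ifa->ifa_name, ifname) != 0)
			continue;
		state = IF_NO_ADDR;	/* the interface itself exists */
		if (ifa->ifa_addr != NULL &&
		    ifa->ifa_addr->sa_family == AF_INET) {
			*addr = ((struct sockaddr_in *)ifa->ifa_addr)->sin_addr;
			state = IF_HAS_ADDR;
			break;
		}
	}
	freeifaddrs(list);
	return (state);
}

int
main(int argc, char **argv)
{
	static const char *names[] = { "missing", "no IPv4 address", "configured" };
	const char *ifname = argc > 1 ? argv[1] : "tun0";	/* tun0 as in the thread */
	struct in_addr a;
	enum if_state st = lookup_if_addr(ifname, &a);

	if (st == IF_ERROR) { perror("getifaddrs"); return (1); }
	printf("%s: %s, address to use %s\n", ifname, names[st], inet_ntoa(a));
	return (0);
}
```

Run with the interface name as the only argument; with no argument it checks tun0.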