From owner-freebsd-bugs@FreeBSD.ORG Tue Sep 11 04:43:13 2007 Return-Path: Delivered-To: freebsd-bugs@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id B3E2716A41B for ; Tue, 11 Sep 2007 04:43:13 +0000 (UTC) (envelope-from bu7cher@yandex.ru) Received: from smtp5.yandex.ru (smtp5.yandex.ru [87.250.248.71]) by mx1.freebsd.org (Postfix) with ESMTP id 0B42113C45B for ; Tue, 11 Sep 2007 04:43:12 +0000 (UTC) (envelope-from bu7cher@yandex.ru) Received: from ns.kirov.so-cdu.ru ([77.72.136.145]:47045 "EHLO [127.0.0.1]" smtp-auth: "bu7cher" TLS-CIPHER: "DHE-RSA-AES256-SHA keybits 256/256 version TLSv1/SSLv3" TLS-PEER-CN1: ) by mail.yandex.ru with ESMTP id S1053997AbXIKEnA (ORCPT ); Tue, 11 Sep 2007 08:43:00 +0400 X-Comment: RFC 2476 MSA function at smtp5.yandex.ru logged sender identity as: bu7cher Message-ID: <46E61CD2.3090207@yandex.ru> Date: Tue, 11 Sep 2007 08:42:58 +0400 From: "Andrey V. Elsukov" User-Agent: Mozilla Thunderbird 1.5 (FreeBSD/20051231) MIME-Version: 1.0 To: Joe References: <200709101630.l8AGUAU7037730@freefall.freebsd.org> In-Reply-To: <200709101630.l8AGUAU7037730@freefall.freebsd.org> Content-Type: text/plain; charset=KOI8-R; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-bugs@FreeBSD.org Subject: Re: misc/116238: natd/ipfw not maintaining interface of udp packets (maybe tcp too?) X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 11 Sep 2007 04:43:13 -0000 Joe wrote: > Funny that you mention the 'divert rules'. I have firewall rules t= > hat have been in use since about 4.2 and worked fine when I upgraded my old= > 4.2 box up to 5.x and 6.x and all the way up to 6.2 p6. I have a new box = > that I installed fresh with 6.2 p7 and the old dhcpd binary that was built = > prior to this, works fine with my firewall rules. The new dhcpd binary bui= > lt with 6.2 p7 which uses the same config as the old one and is the same ve= > rsion ( binaries differ though ) gets a packet in on INT_IFACE and then the= > reply gets broadcast out EXT_IFACE. I am using the divert rule on the EXT= > _IFACE ONLY! =20 I think this problem is not related with ipfw nor with natd. First of inspect your configs once again. Second, check build configuration for your dhcpd. Is it the same? -- WBR, Andrey V. Elsukov