From owner-freebsd-bugs  Mon Sep 18 14:12:31 2000
Delivered-To: freebsd-bugs@freebsd.org
Received: from wall.polstra.com (rtrwan160.accessone.com [206.213.115.74])
	by hub.freebsd.org (Postfix) with ESMTP id 82C7037B423
	for <bugs@freebsd.org>; Mon, 18 Sep 2000 14:12:24 -0700 (PDT)
Received: from vashon.polstra.com (vashon.polstra.com [206.213.73.13])
	by wall.polstra.com (8.9.3/8.9.3) with ESMTP id OAA04282;
	Mon, 18 Sep 2000 14:12:21 -0700 (PDT)
	(envelope-from jdp@polstra.com)
From: John Polstra <jdp@polstra.com>
Received: (from jdp@localhost)
	by vashon.polstra.com (8.9.3/8.9.1) id OAA15194;
	Mon, 18 Sep 2000 14:12:20 -0700 (PDT)
	(envelope-from jdp@polstra.com)
Date: Mon, 18 Sep 2000 14:12:20 -0700 (PDT)
Message-Id: <200009182112.OAA15194@vashon.polstra.com>
To: bugs@freebsd.org
Reply-To: bugs@freebsd.org
Cc: frederik@freddym.org
Subject: Re: Bug: NATD Problems
In-Reply-To: <Pine.BSF.4.21.0009181747300.6900-100000@server.wes.mee.com>
References: <Pine.BSF.4.21.0009181747300.6900-100000@server.wes.mee.com>
Organization: Polstra & Co., Seattle, WA
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In article <Pine.BSF.4.21.0009181747300.6900-100000@server.wes.mee.com>,
Frederik Meerwaldt  <frederik@freddym.org> wrote:
> In every FreeBSD Snapshot I tested (20000214, 20000521, 20000905) I always
> got problems regarding Natd. I have a very simple /etc/rc.firewall:
> 
> /sbin/ipfw -f flush
> /sbin/ipfw add divert natd all from any to any via isp0
> /sbin/ipfw add pass all from any to any
> 
> And in my Kernel I have enabled IP_DIVERT and
> IP_FIREWALL_DEFAULT_TO_ACCEPT or however this option is called.
> Now my Problem: Sometimes, when I activate natd, it won't let me
> through. But sometimes everything works fine, sometimes it just stopps
> letting me through at a certain point of time... Very randomized.

I have also experienced similar problems with natd under
FreeBSD-4.1-stable.  Unfortunately as you point out, they are random
and hard to reproduce.  If you are comfortable with debugging, I
recommend that you build and install an unstripped, debugging version
of natd.  Then if/when it fails the next time you can attach to it
with gdb and perhaps figure out why it isn't working.  I installed a
debugging version of it here 6 weeks ago, but I haven't been able to
make it fail since then.

John
-- 
  John Polstra                                               jdp@polstra.com
  John D. Polstra & Co., Inc.                        Seattle, Washington USA
  "Disappointment is a good sign of basic intelligence."  -- Chögyam Trungpa



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message