Date: Sat, 26 Dec 2009 15:25:38 -0500
From: Joe Marcus Clarke <marcus@FreeBSD.org>
To: FreeBSD Current <freebsd-current@FreeBSD.org>
Cc: luigi@FreeBSD.org
Subject: NAT broken in -CURRENT
Message-ID: <1261859138.1555.26.camel@shumai.marcuscom.com>

First, let me apologize for the lack of details. The NAT box is currently unreachable due to this problem. I will gather more details when I get into work, but perhaps there is something obvious I am missing.

I updated my -CURRENT box yesterday. After a reboot, NAT no longer works. That is, if I have natd running with ipfw diverting packets to it, the box is a big black hole. No packets leave. I do see all packets being diverted to natd, but nothing leaves the box.

I have had ipfw and divert compiled into the kernel for years on that box:

    options IPFIREWALL
    options IPDIVERT

Combined with an "open" firewall (i.e. firewall_type is "open"), and the following natd options in /etc/rc.conf, NAT always worked:

    natd_enable="YES"
    natd_interface="172.18.254.236"
    natd_flags="-s -m -skinny_port 2000"

(172.18.254.236 is the IPv4 address on the em0 interface on this box. I also have IPv6 configured on this box.)

I have a feeling the new ipfw code merged ~ 11 days ago is the cause of the problem. Thinking that perhaps the new modularity is causing this problem, I also added the following two options to my kernel:

    options IPFIREWALL_NAT
    options LIBALIAS

They did not help. I have not tried using a purely modular ipfw/NAT combination, but I will attempt that later today.

I didn't see anything obvious in UPDATING. Any suggestions, or any recommendations for specific troubleshooting data to capture?

Thanks.

Joe

--
Joe Marcus Clarke
FreeBSD GNOME Team :: gnome@FreeBSD.org
FreeNode / #freebsd-gnome
http://www.FreeBSD.org/gnome