Date: Sun, 7 Jul 2002 23:35:46 +0200
From: Szilveszter Adam <sziszi@bsd.hu>
To: freebsd-current@freebsd.org
Subject: problems with natd, ipfw
Message-ID: <20020707213546.GA743@fonix.adamsfamily.xx>
Hello everybody,

I upgraded to yesterday's -CURRENT and have made a few observations:

1) The natd does not work. This is known, but I have tracked it to its interaction with libalias, which means that any program that uses libalias functions is also affected (and indeed, ppp(8)'s -nat option does not work either). If I downgrade the file src/sys/netinet/ip_fw.h to the version from June 27, and recompile libalias and natd, things will work.

2) And much more alarmingly: although the new ipfw really seems to process the ruleset faster, some rules appear to do nothing! I have a "default-to-deny" setup, so theoretically this should mean that I should be cut off from the net if the allow rules do not work. And indeed, flushing all rules gives the expected behaviour. But as soon as I load the ruleset file (which is the same as previously, and then it worked as expected) the fw becomes wide open; the only rules that appear to work are the divert for natd and the allow rules. But the deny rules do nothing; it seems that even the "catch-all" implicit deny rule at the bottom does nothing. Am I going insane, or is this real?

Also, I have observed that when loading the rules from the ruleset file, ipfw prints two lines for each, one with the expected rule number and one with all zeros. I don't know if it's significant though. It is like this:

    00000 deny log ip from any to any
    03600 deny log ip from any to any

This did not happen previously...

-- 
Regards:

Szilveszter ADAM
Szombathely Hungary

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message
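The report above describes a default-to-deny firewall that fails open after loading its ruleset, with `ipfw` listing each rule twice, once under its real number and once as 00000. Below is an added example (not part of the original mail or of FreeBSD's ipfw tooling) of a small linter that reads the text output of `ipfw list` and flags the conditions a defender would want to catch before trusting the policy: rules numbered 00000, the same rule appearing under two numbers, an unconditional allow-all that makes later rules dead, and a final rule that is not a deny-all. The rule lines in SAMPLE_GOOD and SAMPLE_SUSPECT are constructed for the example; the listing format (number, action, then the filter body) follows ipfw's own output. Nothing here talks to the kernel, so it runs anywhere.

```python
"""Sanity-check `ipfw list` output for a default-to-deny policy.

Added example: parses listing text only, never touches the firewall.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# "00100 allow ip from any to any via lo0": number, action, then the rest.
RULE_RE = re.compile(r"^(\d{1,5})\s+(\S+)\s+(.*)$")

ALLOW_ACTIONS = {"allow", "accept", "pass", "permit"}
DENY_ACTIONS = {"deny", "drop"}


@dataclass
class Rule:
    number: int
    action: str
    body: str  # everything after the action, e.g. "log ip from any to any"


def parse_ipfw_list(text: str) -> list[Rule]:
    """Parse `ipfw list` output into Rule records (blank lines skipped)."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RULE_RE.match(line)
        if m is None:
            raise ValueError(f"unrecognised ipfw line: {line!r}")
        rules.append(Rule(int(m.group(1)), m.group(2), m.group(3)))
    return rules


def _without_log(body: str) -> str:
    """Drop a leading 'log' (and 'logamount N') so matching sees the filter itself."""
    words = body.split()
    if words and words[0] == "log":
        words = words[1:]
        if len(words) >= 2 and words[0] == "logamount":
            words = words[2:]
    return " ".join(words)


def is_catch_all(rule: Rule) -> bool:
    """True for a rule matching every IP packet, with no interface/direction qualifier."""
    return _without_log(rule.body) == "ip from any to any"


def lint_ruleset(rules: list[Rule]) -> list[str]:
    """Return human-readable findings; an empty list means the ruleset looks sane."""
    findings: list[str] = []
    first_seen: dict[tuple[str, str], int] = {}
    for r in rules:
        if r.number == 0:
            findings.append(f"rule numbered 00000 (should never appear): {r.action} {r.body}")
        key = (r.action, r.body)
        if key in first_seen and first_seen[key] != r.number:
            findings.append(f"same rule listed under {first_seen[key]:05d} and "
                            f"{r.number:05d}: {r.action} {r.body}")
        first_seen.setdefault(key, r.number)
        if r.action in ALLOW_ACTIONS and is_catch_all(r):
            findings.append(f"rule {r.number:05d} allows all traffic; everything after it is dead")
    if not rules:
        findings.append("empty ruleset")
    elif not (rules[-1].action in DENY_ACTIONS and is_catch_all(rules[-1])):
        findings.append(f"last rule {rules[-1].number:05d} is not a deny-all; "
                        "policy is not default-to-deny")
    return findings


def ruleset_is_default_deny(text: str) -> bool:
    """Convenience wrapper: parse the listing and report whether it passed every check."""
    return not lint_ruleset(parse_ipfw_list(text))


# Constructed sample listings (not real output from the reporter's machine).
SAMPLE_GOOD = """\
00100 divert 8668 ip from any to any via tun0
00200 allow ip from any to any via lo0
00300 deny ip from any to 127.0.0.0/8
03600 deny log ip from any to any
65535 deny ip from any to any
"""

SAMPLE_SUSPECT = """\
00100 divert 8668 ip from any to any via tun0
00000 allow ip from any to any via lo0
00200 allow ip from any to any via lo0
00000 deny log ip from any to any
03600 deny log ip from any to any
65535 deny ip from any to any
"""

if __name__ == "__main__":
    for name, text in (("good", SAMPLE_GOOD), ("suspect", SAMPLE_SUSPECT)):
        print(name, lint_ruleset(parse_ipfw_list(text)) or "ok")
```

In practice the linter is fed with `ipfw list` output captured after `ipfw -f flush` and a reload of the ruleset file; a clean listing is a precondition for trusting the policy, but it cannot prove the kernel enforces it, so the reporter's end-to-end test (flush and confirm connectivity is cut, then reload and confirm only the intended allows pass) remains the decisive check.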