Date: Wed, 17 Dec 2008 11:48:38 +0100 From: Marko Zec <zec@icir.org> To: freebsd-current@freebsd.org Cc: Joe Marcus Clarke <marcus@freebsd.org> Subject: Re: NAT (ipfw/natd) broken in latest -CURRENT Message-ID: <200812171148.38528.zec@icir.org> In-Reply-To: <4948C7BE.7070602@oltrelinux.com> References: <1229476796.49670.7.camel@shumai.marcuscom.com> <4948C7BE.7070602@oltrelinux.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wednesday 17 December 2008 10:34:54 Paolo Pisati wrote: > Joe Marcus Clarke wrote: > > I just upgraded my i386 -CURRENT box from November 14 to today, and > > now my SSH-over-PPP VPN tunnel no longer works. I did some packet > > captures, and it appears that NAT is no longer working. If I send > > a telnet packet from my client side over the PPP tunnel, I see the > > SYN go out on the server side network properly translated. The > > destination host ACKs correctly, but the ACK never goes back across > > the tunnel. It's as if natd is no longer translating the packet on > > the inbound path. Besides the upgrade, nothing has changed in my > > environment. > > lately some work has been done on the vimage and routing tree stuff, > thus your best bet is to go back > some days and try again. Hi Joe, could you try building your kernel with options VIMAGE_GLOBALS and tell us whether this makes any difference - turning on VIMAGE_GLOBALS should revert certain aspects of virtualization changes that recently got merged into the tree. Cheers, Marko
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200812171148.38528.zec>