misc/148928: Problem with loading of ipfw NAT rules during system startup

Fmyoen fmyoen at gmail.com
Sun Jul 25 13:30:07 UTC 2010


>Number:         148928
>Category:       misc
>Synopsis:       Problem with loading of ipfw NAT rules during system startup
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Jul 25 13:30:06 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator:     Fmyoen
>Release:        8.1-RELEASE
>Organization:
Fmyoen
>Environment:
FreeBSD ... 8.1-RELEASE FreeBSD 8.1-RELEASE #0: Mon Jul 19 02:55:53 UTC 2010     root at almeida.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  i386
>Description:
It looks like during system startup (in some setups?) the ipdivert.ko kernel module loads later than the default /etc/rc.firewall script executes, and thus the script fails to properly add NAT-related ipfw rules. In my case it was this rule:

  if [ -n "${natd_interface}" ]; then
    ${fwcmd} add 50 divert natd ip4 from any to any via ${natd_interface}
  fi

This results in:

  ipfw: getsockopt(IP_FW_ADD): Invalid argument

So after every reboot I have to manually run sh /etc/rc.firewall to flush and add the ipfw rules once again. I've got this problem on at least two of my PCs, and at least one guy has a similar problem, as reported here: http://www.opennet.ru/openforum/vsluhforumID3/69154.html#26

Here are parts of my configuration files, although I doubt they will help:

rc.conf:

  ifconfig_vr1="dhcp"
  gateway_enable="YES"

  # IPFW
  firewall_enable="YES"
  firewall_type="OPEN"

  # NAT
  natd_program="/sbin/natd"
  natd_enable="YES"
  natd_interface="vr1"
  natd_flags="-m"

sysctl.conf:

  net.inet.ip.fw.one_pass=0
>How-To-Repeat:
Reboot PC.
>Fix:
echo 'ipdivert_load="YES"' >> /boot/loader.conf causes normal rule execution during startup.

>Release-Note:
>Audit-Trail:
>Unformatted:
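
Added example, not part of the original report: a static sh check for the condition described above, where rc.conf enables ipfw and natd (so rc.firewall adds a divert rule) but loader.conf does not preload ipdivert. The function names conf_yes and check_divert_preload are hypothetical, the sample files are constructed, and only the value YES is treated as enabled (a simplification).

```shell
#!/bin/sh
# conf_yes FILE VAR: succeed if the last uncommented VAR= assignment in FILE is YES.
# Assumption: plain VAR="value" lines, as in the report's rc.conf and loader.conf.
conf_yes() {
    [ -r "$1" ] || return 1
    val=$(sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([^\"'#[:space:]]*\).*/\1/p" "$1" | tail -n 1)
    case "$val" in
        [Yy][Ee][Ss]) return 0 ;;
        *) return 1 ;;
    esac
}

# check_divert_preload RC_CONF LOADER_CONF
# Returns 0 when there is nothing to flag, 1 when a natd divert rule is
# configured but ipdivert is not loaded before the rc scripts run.
check_divert_preload() {
    conf_yes "$1" firewall_enable || return 0   # no ipfw rules loaded at boot
    conf_yes "$1" natd_enable || return 0       # no divert rule will be added
    conf_yes "$2" ipdivert_load && return 0     # module preloaded by the loader
    echo "WARN: $1 enables ipfw and natd, but $2 lacks ipdivert_load=\"YES\"" >&2
    return 1
}

# Constructed sample files mirroring the configuration in the report.
demo_dir=$(mktemp -d)
cat > "$demo_dir/rc.conf" <<'EOF'
gateway_enable="YES"
firewall_enable="YES"
firewall_type="OPEN"
natd_enable="YES"
natd_interface="vr1"
EOF
: > "$demo_dir/loader.conf"

check_divert_preload "$demo_dir/rc.conf" "$demo_dir/loader.conf" || echo "before fix: flagged"
echo 'ipdivert_load="YES"' >> "$demo_dir/loader.conf"
check_divert_preload "$demo_dir/rc.conf" "$demo_dir/loader.conf" && echo "after fix: ok"
rm -rf "$demo_dir"
```

The check only reads the two files; it does not query the running kernel.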

