natd starting after firewall rules are loaded
rondzierwa at comcast.net
Sat Apr 16 18:14:51 UTC 2011
I am upgrading my firewall/router/web server machine from 4.9
to 8.2 release and am having problems with ipfw/natd. I made
basically the same defs in rc.conf to enable the firewall and natd
but I get an error during rc.firewall on the divert command saying
something about an error on the divert socket. The natd socket
number is being translated properly (8668) because I can see the
command echoed on the console.
After the firewall rules are loaded, the rc script then loads natd.
Once the system is up, I can ipfw list and the divert command is,
in fact, not there, but by this time natd is running. If I run the rc.firewall
script interactively, it completes successfully and the divert rule
is in the list, and everyone is happy again.
In 4.9 there used to be a rc.network script that started natd before
it loaded the firewall rules. I do not see it in 8.2 anymore, instead
it looks like rc simply runs the scripts in rc.d alphabetically, so natd
comes after ipfw.
I can't believe I'm the only one using ipfw and natd with 8.2, so it
seems to me that I just don't know the secret handshake that will
make it work.
Does anybody have any suggestions?
Thanks,
ron.