[Bug 191343] New: ipnat error at boot disables active sessions

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Tue Jun 24 14:45:19 UTC 2014 

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=191343

            Bug ID: 191343
           Summary: ipnat error at boot disables active sessions
           Product: Base System
           Version: 10.0-STABLE
          Hardware: Any
                OS: Any
            Status: Needs Triage
          Severity: Affects Some People
          Priority: ---
         Component: kern
          Assignee: freebsd-bugs at FreeBSD.org
          Reporter: David.Boyd49 at twc.com

Customer upgraded 2 test systems to release/10.0.0 and then to releng/10.0
(10.0-RELEASE-p5).  With same ipnat configuration as used in 9.2-RELEASE, ipnat
didn't create active sessions. Customer then rebooted system and ipnat
functionality returned.  A subsequent reboot disabled ipnat again.

Customer reported this problem to me. Skeptically, I agreed to visit site.

The console log for the failing ipnat reports an error at boot:

IP Filter: v5.1.2 initialized, default = pass all, logging = enabled
Enabling ipfilter
Installing NAT rules.
0 entries flushed from NAT table
0 entries flushed from NAT list
in=0x801406600:SIOCSTPUT:no such process

Now the weird part:

On reboot (shutdown -r now) the SIOCSTPUT error is not reported and ipnat
works.

On reboot (shutdown -r now) the SIOCSTPUT error returns and ipnat fails.

After a hard reset or power off/power on the SIOCSTPUT error "always" returns
and ipnat fails (20+ attempts) and then the every other reboot cycle begins
again (50+ attempts).

Hardware is Supermicro PDSME+ motherboard with quad-core Intel Xeon (2.66 Ghz)
and 4 GB memory

I have verified the kernel configuration is simply

include GENERIC
ident SUPERMICRO

I rebuilt customer's system with stable/10 as of 06/20/2014 ... no change.

I have /etc/ipf.rules, /etc/ipnat.rules, /etc/rc.conf, kernel config files in
my possession.

I also have acquired one of the test machines so patching, rebuilding and
testing are possible.

-- 
You are receiving this mail because:
You are the assignee for the bug.

More information about the freebsd-bugs mailing list