NAT broken in -CURRENT
Joe Marcus Clarke
marcus at FreeBSD.org
Sat Dec 26 20:25:42 UTC 2009
First, let me apologize for the lack of details. The NAT box is
currently unreachable due to this problem. I will gather more details
when I get into work, but perhaps there is something obvious I am
missing.

I updated my -CURRENT box yesterday. After a reboot, NAT no longer
works. That is, if I have natd running with ipfw diverting packets to
it, the box is a big black hole. No packets leave. I do see all
packets being diverted to natd, but nothing leaves the box. I have had
ipfw and divert compiled into the kernel for years on that box:

options IPFIREWALL
options IPDIVERT

Combined with an "open" firewall (i.e. firewall_type is "open"), and the
following natd options in /etc/rc.conf, NAT always worked:

natd_enable="YES"
natd_interface="172.18.254.236"
natd_flags="-s -m -skinny_port 2000"

(172.18.254.236 is the IPv4 address on the em0 interface on this box. I
also have IPv6 configured on this box.)

I have a feeling the new ipfw code merged ~ 11 days ago is the cause of
the problem. Thinking that perhaps the new modularity is causing this
problem, I also added the following two options to my kernel:

options IPFIREWALL_NAT
options LIBALIAS

They did not help. I have not tried using a purely modular ipfw/NAT
combination, but I will attempt that later today. I didn't see anything
obvious in UPDATING. Any suggestions, or any recommendations for
specific troubleshooting data to capture? Thanks.

Joe

--
Joe Marcus Clarke
FreeBSD GNOME Team :: gnome at FreeBSD.org
FreeNode / #freebsd-gnome
http://www.FreeBSD.org/gnome