in-kernel nat and stateful inspection hangs system 7.1 RELEASE
n j
nino80 at gmail.com
Tue Feb 17 09:36:11 PST 2009
Sorry, hit the wrong key combo and message went before I finished it :(
...
> Here is the rule that after a short while (probably the first packet
> to match the rule) freezes the machine:
>
ipfw -q flush
ipfw -q nat 123 config ip a.b.c.d log
ipfw -q disable one_pass
...
> ipfw add 00003 nat 123 log ip from x.x.x.0/24 to
> a.b.c.0/24,a.b.d.0/24,a.b.e.0/24 out # keep-state here causes freeze
> ... further down the chain...
ipfw add 00900 check-state
If anyone else experienced similar cases, I invite them to share.
Regards,
--
nino
More information about the freebsd-ipfw
mailing list