Dead natd -> dead system
Matthew Emmerton
matt at compar.com
Thu Jul 10 13:48:16 PDT 2003
On Thu, 10 Jul 2003, Brett Glass wrote:
> While working with a FreeBSD system this afternoon, I did something which killed
> natd (the NAT daemon), which was processing packets in the usual way via ipfw
> and a divert socket.
>
> The result? Network communications on the system simply went dead.
>
> It seems to me that ipfw should be able to "self-heal" (that is, bypass the
> rule) or reinvoke a daemon that's attached to a divert socket. Otherwise,
> the process that's attached to the socket becomes an Achilles' heel for
> the whole system. Crash it for any reason, and the system's offline.
>
> Ideas?
Use kernel-mode IPNAT instead of user-mode natd?
--
Matthew Emmerton
Computer Partners
IT Specialist