Dead natd -> dead system
Vulpes Velox
kitbsdlists at HotPOP.com
Thu Jul 10 15:23:23 PDT 2003
On Thu, 10 Jul 2003 16:56:12 -0400 (EDT)
Matthew Emmerton <matt at compar.com> wrote:
> On Thu, 10 Jul 2003, Brett Glass wrote:
>
> > While working with a FreeBSD system this afternoon, I did something which killed
> > natd (the NAT daemon), which was processing packets in the usual way via ipfw
> > and a divert socket.
> >
> > The result? Network communications on the system simply went dead.
> >
> > It seems to me that ipfw should be able to "self-heal" (that is, bypass the
> > rule) or reinvoke a daemon that's attached to a divert socket. Otherwise,
> > the process that's attached to the socket becomes an Achilles' heel for
> > the whole system. Crash it for any reason, and the system's offline.
> >
> > Ideas?
>
> Use kernel-mode IPNAT instead of user-mode natd?
What is kernel-mode IPNAT?
More information about the freebsd-questions
mailing list