svn commit: r277714 - head/sbin/ipfw

Nick Hibma nick at van-laarhoven.org
Mon Jan 26 21:50:48 UTC 2015


> On 26 Jan 2015, at 22:24, John Baldwin <jhb at freebsd.org> wrote:
> 
> On Monday, January 26, 2015 09:34:39 PM Olivier Cochard-Labbé wrote:
>> On Sun, Jan 25, 2015 at 9:37 PM, John Baldwin <jhb at freebsd.org> wrote:
>>> Author: jhb
>>> Date: Sun Jan 25 20:37:32 2015
>>> New Revision: 277714
>>> URL: https://svnweb.freebsd.org/changeset/base/277714
>>> 
>>> Log:
>>>  natd(8) will work with an unconfigured interface and effectively not do
>>>  anything until the interface is assigned an address.  This fixes
>>>  ipfw_nat to do the same by using an IP of INADDR_ANY instead of
>>>  aborting the nat setup if the requested interface is not yet configured.
>> 
>> Hi,
>> 
>> I've still a problem with ipfw_nat and unconfigured interface:
>> On my setup I'm using ipfw with NAT rules using an OpenVPN tunnel interface
>> as source address for NATting.
>> 
>> During the machine startup, ipfw is started before openvpn (hopefully) and
>> its configuration mentions to do NAT using the tun0 IP address.
>> Then OpenVPN starts, creates a tun0 and sets an IP address on it.
>> => But no unicast traffic is allowed on this tun0 interface until I restart
>> ipfw.
>> 
>> If I correctly understand the log of this commit: This behavior should be
>> fixed by this commit, right?
> 
> It might.  What happened for me is that I was using nat over wlan0 for VM's
> on my laptop to reach the outside world, but wlan0 doesn't get an IP until
> later in the boot after it associates.  As a result, wlan0 wasn't passing any
> IP traffic until this fix (or if I reloaded ipfw after wlan0 was configured).

I don’t think it does. The interface is not available until openvpn is started. You need to clone the interface during boot by adding

	cloned_interfaces='tun0'

in your /etc/rc.conf. Initialisation is then done later by openvpn.

Let me know if that works for you.

Nick

