>Number:         148928
>Category:       misc
>Synopsis:       Problem with loading of ipfw NAT rules during system startup
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Jul 25 13:30:06 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator:     Fmyoen
>Release:        8.1-RELEASE
>Organization:
Fmyoen
>Environment:
FreeBSD ... 8.1-RELEASE FreeBSD 8.1-RELEASE #0: Mon Jul 19 02:55:53 UTC 2010    
 [email protected]:/usr/obj/usr/src/sys/GENERIC  i386
>Description:
It looks like during system startup (in some setups?) the ipdivert.ko kernel module 
loads later than the default /etc/rc.firewall script executes, and thus the script 
fails to properly add the NAT-related ipfw rules. In my case it was this rule:

  if [ -n "${natd_interface}" ]; then
    ${fwcmd} add 50 divert natd ip4 from any to any via ${natd_interface}
  fi

This results in:

  ipfw: getsockopt(IP_FW_ADD): Invalid argument

So after every reboot I have to manually run sh /etc/rc.firewall to flush and 
add the ipfw rules once again. I have this problem on at least two of my PCs, and at 
least one other person has reported a similar problem here: 
http://www.opennet.ru/openforum/vsluhforumID3/69154.html#26.

Here are parts of my configuration files, although I doubt they will help:

rc.conf:

  ifconfig_vr1="dhcp"
  gateway_enable="YES"

  # IPFW
  firewall_enable="YES"
  firewall_type="OPEN"

  # NAT
  natd_program="/sbin/natd"
  natd_enable="YES"
  natd_interface="vr1"
  natd_flags="-m"

sysctl.conf:

  net.inet.ip.fw.one_pass=0
>How-To-Repeat:
Reboot PC.
>Fix:
echo 'ipdivert_load="YES"' >> /boot/loader.conf causes the rules to be added normally 
during startup.

>Release-Note:
>Audit-Trail:
>Unformatted:
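The failure described in the report is an ordering problem: the divert rule is rejected with EINVAL because the kernel has no divert socket support at the moment ipfw is invoked. Preloading ipdivert from loader.conf, as the reporter suggests, is the simplest fix. As an added example that is not part of the PR or of FreeBSD's own rc scripts, the fragment below shows the alternative of making the rule insertion itself robust: a custom firewall script (pointed to by firewall_script in rc.conf) checks with kldstat -q -m whether ipdivert is present, loads it with kldload if not, and only then adds the divert rule from /etc/rc.firewall. The FWCMD, KLDSTAT and KLDLOAD variables are an assumption of this example so the logic can be dry-run with stand-in commands on a non-FreeBSD host; the rule text and the rc.conf variable natd_interface are taken from the report.

```shell
#!/bin/sh
# Added example, not code from the PR or from /etc/rc.firewall.
# The command paths are overridable (assumption of this example) so the
# decision logic can be exercised without a FreeBSD kernel present.
FWCMD="${FWCMD:-/sbin/ipfw}"
KLDSTAT="${KLDSTAT:-/sbin/kldstat}"
KLDLOAD="${KLDLOAD:-/sbin/kldload}"

# Succeed only once the ipdivert module is loaded (or compiled into the
# kernel). kldstat -q -m <module> exits 0 when the module is present; if it is
# not, try to load it and re-check rather than trusting kldload's exit status.
ensure_ipdivert() {
    if "$KLDSTAT" -q -m ipdivert 2>/dev/null; then
        return 0
    fi
    "$KLDLOAD" ipdivert || return 1
    "$KLDSTAT" -q -m ipdivert 2>/dev/null
}

# Add the natd divert rule only after the module is confirmed loaded. Without
# this check ipfw fails with "getsockopt(IP_FW_ADD): Invalid argument" when
# the module arrives later in the boot sequence, which is what the PR reports.
# Returns 0 when the rule was added or no interface is configured, 1 otherwise.
add_natd_divert() {
    iface="$1"
    # Mirrors the [ -n "${natd_interface}" ] guard in rc.firewall.
    [ -n "$iface" ] || return 0
    if ! ensure_ipdivert; then
        echo "ipdivert not available; divert rule for $iface not added" >&2
        return 1
    fi
    "$FWCMD" add 50 divert natd ip4 from any to any via "$iface"
}

# Typical use from a firewall_script, after the rest of the ruleset:
#   . /etc/rc.subr; load_rc_config firewall
#   add_natd_divert "$natd_interface"
```

Because the check re-reads kldstat after kldload, a kernel that is built without ipdivert and refuses the module is reported as a failure instead of producing a half-configured ruleset that silently lacks NAT.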
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-bugs