* Guido van Rooij ([EMAIL PROTECTED]) [030528 05:37]: > On Wed, May 28, 2003 at 05:35:05AM -0700, Greg Rumple wrote: > > * Guido van Rooij ([EMAIL PROTECTED]) [030527 23:41]: > > > On Tue, May 27, 2003 at 01:05:48PM -0700, Greg Rumple wrote: > > > > Okay, I've built a FreeBSD 4.8 box (4.8-RELEASE) to be a firewall for a > > > > very large internet site. The box is a Celeron 466 (Pentium 3 based) > > > > with 256MB of ram (yeah I know, thrifty aren't I?). I'm using a very > > > > complex setup (as this was built to replace a PIX, and therefore it was > > > > configured to be a direct drop in replacement (hence the extremely > > > > complex configuration)), and have it working fine short of 1 problem. > > > > Every 12 hours now I experience a kernel panic. I built a debug kernel > > > > and here is the backtrace (the relevant part at least) of the crash. > > > > > > I see this with a friend of mine as well. Do you happen to have ipv6 enabled > > > on this system (even if you happen to have empty ipv6 rulesets for ipf)? > > > Can you check, in the coredump, if ip_natin() argument > > > ip points to an icmp packet? > > > > So far 2 crashs later, the packet in both cases in the ip_natin code > > (print *ip) is a TCP packet. > > DO you have a kernel with Ipv6?
Yeah I believe the default kernel in 4.8 (I'm using the GENERIC kernel plus 4 lines added to it) most certanly does have IPv6. I'm not using it, but you said that doesn't apply. And yes doing an ipfstat -hio6 shows I have empty rule sets for ipv6 traffic. > > If not, this certainly does not apply to you. > > -Guido > -- Greg Rumple [EMAIL PROTECTED]
