In some email I received from Greg Rumple, sie wrote: > And sure enough, I found a DoS tool that will crash it (with the error I > was getting) like clockwork. I can cause it to crash in as little as 10 > packets (it's an ICMP exploit btw interestingly enough (and rebuilding > the kernel with no INET6 didn't help btw)). > > I also started taking pieces out of the kernel in an attempt to narrow > it down. What I found was it only happens when I use the BIMAP piece of > the puzzle (along with the proxy arp of course). I basically stripped > my system down to the following. > > No ipf rules (so allow everything) > > ipnat.rules > ----------- > bimap fxp0 10.10.2.231/32 -> 1.2.3.231/32
If you remove the next two rules, it still panic's ? > map fxp0 10.10.2.0/24 -> 1.2.3.70/32 portmap tcp/udp 1025:65000 > map fxp0 10.10.2.0/24 -> 1.2.3.70/32 Darren
