Re: [6.x patchset] Ipfw nat and libalias modules
> >I'm having a bit of trouble backporting 7.x to 6.x, 6.2 Release > specifically. Before I continue down this road, in the name of not > re-inventing the wheel twice, does anyone already have a current patch > which will work on 6.2 ? Thank You! AFAIK no. -- bye, P. ___ freebsd-ipfw@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: [6.x patchset] Ipfw nat and libalias modules
On Wed, Sep 05, 2007 at 09:41:50PM -0500, Chris Bowman (Home) wrote: I was recently testing the in kernel nat patch, which is an absolutely wonderful addition in my opinion. I have however run into one issue, when for example I do the following : ipfw nat 10 config ip 2.2.2.2 [snip] Where did you get the 6.x patch? Did you find a tarball around or you backported the code from 7.x? In the first case, that patch is old and buggy, and AFAIK the bug you encountered was due to an uninitialized conditional variable. bye, P. I'm having a bit of trouble backporting 7.x to 6.x, 6.2 Release specifically. Before I continue down this road, in the name of not re-inventing the wheel twice, does anyone already have a current patch which will work on 6.2 ? Thank You! Chris Bowman ___ freebsd-ipfw@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: [6.x patchset] Ipfw nat and libalias modules
It was indeed the tarball downloaded from http://ubi8.imc.pi.cnr.it/~flag/libalias/libalias.tgz ... Thank you, I'll give the 7.x code a try. Paolo Pisati wrote: On Wed, Sep 05, 2007 at 09:41:50PM -0500, Chris Bowman (Home) wrote: I was recently testing the in kernel nat patch, which is an absolutely wonderful addition in my opinion. I have however run into one issue, when for example I do the following : ipfw nat 10 config ip 2.2.2.2 [snip] Where did you get the 6.x patch? Did you find a tarball around or you backported the code from 7.x? In the first case, that patch is old and buggy, and AFAIK the bug you encountered was due to an uninitialized conditional variable. bye, P. -- ___ freebsd-ipfw@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: [6.x patchset] Ipfw nat and libalias modules
On Wed, Sep 05, 2007 at 09:41:50PM -0500, Chris Bowman (Home) wrote: > >I was recently testing the in kernel nat patch, which is an absolutely > wonderful addition in my opinion. I have however run into one issue, when > for example I do the following : > > ipfw nat 10 config ip 2.2.2.2 [snip] Where did you get the 6.x patch? Did you find a tarball around or you backported the code from 7.x? In the first case, that patch is old and buggy, and AFAIK the bug you encountered was due to an uninitialized conditional variable. bye, P. ___ freebsd-ipfw@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "[EMAIL PROTECTED]"
[6.x patchset] Ipfw nat and libalias modules
I was recently testing the in kernel nat patch, which is an absolutely wonderful addition in my opinion. I have however run into one issue, when for example I do the following : ipfw nat 10 config ip 2.2.2.2 The command is accepted, and anything I sent to nat process 10 via ipfw works as expected. When I try to add a second NAT instance though, I run into a problem, for example : ipfw nat 20 config ip 3.3.3.3 My goal is to of course have more than one nat process running, but adding anything after that initial first NAT causes a "hang", when I say hang I mean I enter the command, hit enter, and am never returned to a prompt, if I break with CTRL-C, then I can get back to the prompt most of the time, other times I cannot break out via CTRL-C and just have to close that particular shell session. To note, when I run into this hang, the command I ran shows up as a process, ie like this : 3839p3 R+ 0:02.67 ipfw nat 30 config ip 4.4.4.4 At this point, if I can't break out via CTRL-C , in another shell on the same machine I tried to kill the process, then kill -9, neither works, the process stays until I reboot the machine. Finally, just to note, even if the command doesn't return me to a shell prompt, or even if it hangs, the nat processes themselves to work, if I do a "ipfw nat show config" , all is well, and I've tested to be sure, the nat processes are definitely active and working as they should. To reproduce the problem Im seeing, simply try : ipfw nat 10 config ip 1.1.1.1 <== Works Fine ipfw nat 20 config ip 2.2.2.2 <== Won't return you back to a shell Prompt I've tried this on x86 as well as AMD64, both having the same exact problem. Both machines are running 6.1-RELEASE-p19 Please let me know if I can help with additional information, and by the way, aside from this small issue, in kernel nat is absoulutely awesome, thanks for all the hard work! Chris Bowman ___ freebsd-ipfw@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: [6.x patchset] Ipfw nat and libalias modules
On Mon, Jul 03, 2006 at 01:42:36AM +1000, Vini Engel wrote: > Paolo Pisati said the following on 15/05/06 08:05: > > Released a new revision of my libalias+ipfw work as a > > patchset for 6.x, get it here: > > http://mercurio.srv.dsi.unimi.it/~pisati/libalias/libalias-6.x.tgz > > > > fixed the checksum corruption occurring to redirected/generated traffic > > to/by a local interface on the nat box. > > > > For more info: > > http://wikitest.freebsd.org/moin.cgi/PaoloPisati > > Hi guys, > > I was wondering how stable this is at the moment? I am very keen on > using it on my production box(es) but would like to hear someone else's > experience first. i know there're people using it on their productions boxes and i didn't hear anyone complaining, so i assume the code is stable. BTW i just started to cleanup my patch for HEAD, but it'll take a bit before i finish everything, so fell free to use the previous patch. bye -- Paolo Piso's first law: nothing works as expected! ___ freebsd-ipfw@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: [6.x patchset] Ipfw nat and libalias modules
Paolo Pisati said the following on 15/05/06 08:05: > Released a new revision of my libalias+ipfw work as a > patchset for 6.x, get it here: > http://mercurio.srv.dsi.unimi.it/~pisati/libalias/libalias-6.x.tgz > > fixed the checksum corruption occurring to redirected/generated traffic > to/by a local interface on the nat box. > > For more info: > http://wikitest.freebsd.org/moin.cgi/PaoloPisati Hi guys, I was wondering how stable this is at the moment? I am very keen on using it on my production box(es) but would like to hear someone else's experience first. Thanks, Vini ___ freebsd-ipfw@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "[EMAIL PROTECTED]"
[6.x patchset] Ipfw nat and libalias modules
Released a new revision of my libalias+ipfw work as a patchset for 6.x, get it here: http://mercurio.srv.dsi.unimi.it/~pisati/libalias/libalias-6.x.tgz fixed the checksum corruption occurring to redirected/generated traffic to/by a local interface on the nat box. For more info: http://wikitest.freebsd.org/moin.cgi/PaoloPisati -- Paolo "le influenze esterne sono troppe, il mondo reale non e' mica quello fatato dei komunisti :-p" - Anonymous Lumbard ___ freebsd-ipfw@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: [6.x patchset] Ipfw nat and libalias modules
Now, I think that we have to make some ipfw example code for NAT in-kernel with and without keep-state/chack-state . I start in monday with stateful ipfw. Thanks for help me!!! (Now I have FreeBSD 6.1) I haven't tried with keep-state yes (dont even know if keep-state is ready to maintain "nat" state, I think it is not). The box which is taking me to internet right now at my building is ipfw nat, for wired and wireless networks. Here are the running rules: ([EMAIL PROTECTED])~# ipfw show | grep nat 2 19812654104938057 nat 20 ip from { 10.69.69.0/24 or 172.16.69.0/24 } to any out via sis0 20100 27128929 37927915720 nat 20 ip from any to any in via sis0 ([EMAIL PROTECTED])~# ipfw nat 20 show config ipfw nat 20 config if sis0 log unreg_only redir_port tcp 10.69.69.13:4662 4662 redir_port tcp 10.69.69.39:80 3980 redir_port tcp 10.69.69.39:6969 3969 ([EMAIL PROTECTED])~# grep nat /etc/rc.firewall $fwcmd nat 20 config if sis0 log unreg_only redir_port tcp 10.69.69.13:4662 4662 redir_port tcp 10.69.69.39:80 3980 redir_port tcp 10.69.69.39:6969 3969 $fwcmd add 2 set 20 nat 20 all from $redes to any out via $ife $fwcmd add 20100 set 20 nat 20 all from any to any in via $ife I have some more enviroments running NAT in in different IPs with "prob", for testing purposes. I can print configs next week, since I cant access those boxes on weekends. I hope it helps as example, I have just rewriten selective "divert" which I used before into "nat" rules. BTW (offside note): Next week I will add a TinyBSD image with ipfw nat (FreeBSD 6.1) on www.tinybsd.org, so if anyone want to try ipfw nat in their soekris/wrap/whatever boards, hang on untill wednesday. -- Patrick Tracanelli ___ freebsd-ipfw@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: [6.x patchset] Ipfw nat and libalias modules
Patrick Tracanelli wrote: Probably you dont have the latest RELENG_6 code or it is not in sync (say, manually modified). I have ipfw nat running on -RC1 and -RC2, i386 and amd64 and with clean src the patch applies perfectly. Yes, I try again. And I get error again! cd /usr/obj rm ALL cd /usr/src make clean make clean make update (files changed by patch) make update (NONE!!!) Apply You patch. And I get the same error. I install previous patch, and my PC with NAT in-kernel work OK. Can You help me? Thanks! How is your code sync'ed? Which RELENG from which date? Try rm -rf sys/modules/libalias sys/modules/ipfw sys/conf/files/ cvsug -g -L2 -h cvsup.freebsd.org /usr/share/examples/cvsup/stable-supfile cd /usr/src/ cp . patch -p3 < Do a world build. I am considering your code is not in sync with recent RELENG_6. If it is -RC2 try only rm -rfing the mentioned subdirectories and cvsup. BTW I have static IPFIREWALL so I added options LIBALIAS to my kernel conf file Yes, I find the problem. The problem was in two new files alias_dummy.c and alias_mod.c. Becouse this files is new cvsup don't delete them and patch append to old file (and append, and append, ...) (I didn't try cvsup -D options) When I edit (left only one source, insted of many) compile is OK. Now, I think that we have to make some ipfw example code for NAT in-kernel with and without keep-state/chack-state . I start in monday with stateful ipfw. Thanks for help me!!! (Now I have FreeBSD 6.1) ___ freebsd-ipfw@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: [6.x patchset] Ipfw nat and libalias modules
Probably you dont have the latest RELENG_6 code or it is not in sync (say, manually modified). I have ipfw nat running on -RC1 and -RC2, i386 and amd64 and with clean src the patch applies perfectly. Yes, I try again. And I get error again! cd /usr/obj rm ALL cd /usr/src make clean make clean make update (files changed by patch) make update (NONE!!!) Apply You patch. And I get the same error. I install previous patch, and my PC with NAT in-kernel work OK. Can You help me? Thanks! How is your code sync'ed? Which RELENG from which date? Try rm -rf sys/modules/libalias sys/modules/ipfw sys/conf/files/ cvsug -g -L2 -h cvsup.freebsd.org /usr/share/examples/cvsup/stable-supfile cd /usr/src/ cp . patch -p3 < Do a world build. I am considering your code is not in sync with recent RELENG_6. If it is -RC2 try only rm -rfing the mentioned subdirectories and cvsup. BTW I have static IPFIREWALL so I added options LIBALIAS to my kernel conf file -- Patrick Tracanelli FreeBSD Brasil LTDA. (31) 3281-9633 / 3281-3547 [EMAIL PROTECTED] http://www.freebsdbrasil.com.br "Long live Hanin Elias, Kim Deal!" ___ freebsd-ipfw@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: [6.x patchset] Ipfw nat and libalias modules
Patrick Tracanelli wrote: Nenad Gavrilovic wrote: Paolo Pisati wrote: I just released a new revision of my libalias+ipfw work as a patchset for 6.x, get it here: http://mercurio.srv.dsi.unimi.it/~pisati/libalias/libalias-6.x.tgz To apply it: cp libalias_ipfw.patch /usr/src cd /usr/src patch -p3 < libalias_ipfw.patch then you have to recompile & install: kernel, sbin/ipfw, sbin/natd, sbin/ppp, lib/libalias, sys/modules/ipfw, sys/modules/libalias or simply do a world. When I do: cd /usr/src make update (2006-05-05) make clean ... and cp libalias_ipfw.patch /usr/src cd /usr/src patch -p3 < libalias_ipfw.patch and make kernel I get the error as follows: Probably you dont have the latest RELENG_6 code or it is not in sync (say, manually modified). I have ipfw nat running on -RC1 and -RC2, i386 and amd64 and with clean src the patch applies perfectly. Yes, I try again. And I get error again! cd /usr/obj rm ALL cd /usr/src make clean make clean make update (files changed by patch) make update (NONE!!!) Apply You patch. And I get the same error. I install previous patch, and my PC with NAT in-kernel work OK. Can You help me? Thanks! ___ freebsd-ipfw@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: [6.x patchset] Ipfw nat and libalias modules
Paolo Pisati wrote: Nenad Gavrilovic wrote: Paolo Pisati wrote: I just released a new revision of my libalias+ipfw work as a patchset for 6.x, get it here: http://mercurio.srv.dsi.unimi.it/~pisati/libalias/libalias-6.x.tgz To apply it: cp libalias_ipfw.patch /usr/src cd /usr/src patch -p3 < libalias_ipfw.patch then you have to recompile & install: kernel, sbin/ipfw, sbin/natd, sbin/ppp, lib/libalias, sys/modules/ipfw, sys/modules/libalias or simply do a world. When I do: cd /usr/src make update (2006-05-05) make clean ... and cp libalias_ipfw.patch /usr/src cd /usr/src patch -p3 < libalias_ipfw.patch strange... is your src tree clean? YES!!! When I get error in first time I do: cd /usr/obj rm ALL cd /usr/src make clean make clean make update and apply You patch. Again I get same error. cd /usrc/src && find . -name "*.rej" NONE!!! lets's see if some patch didn't apply. P. ___ freebsd-ipfw@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "[EMAIL PROTECTED]" ___ freebsd-ipfw@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: [6.x patchset] Ipfw nat and libalias modules
Nenad Gavrilovic wrote: Paolo Pisati wrote: I just released a new revision of my libalias+ipfw work as a patchset for 6.x, get it here: http://mercurio.srv.dsi.unimi.it/~pisati/libalias/libalias-6.x.tgz To apply it: cp libalias_ipfw.patch /usr/src cd /usr/src patch -p3 < libalias_ipfw.patch then you have to recompile & install: kernel, sbin/ipfw, sbin/natd, sbin/ppp, lib/libalias, sys/modules/ipfw, sys/modules/libalias or simply do a world. When I do: cd /usr/src make update (2006-05-05) make clean ... and cp libalias_ipfw.patch /usr/src cd /usr/src patch -p3 < libalias_ipfw.patch and make kernel I get the error as follows: Probably you dont have the latest RELENG_6 code or it is not in sync (say, manually modified). I have ipfw nat running on -RC1 and -RC2, i386 and amd64 and with clean src the patch applies perfectly. -- Patrick Tracanelli FreeBSD Brasil LTDA. (31) 3281-9633 / 3281-3547 [EMAIL PROTECTED] http://www.freebsdbrasil.com.br "Long live Hanin Elias, Kim Deal!" ___ freebsd-ipfw@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: [6.x patchset] Ipfw nat and libalias modules
Nenad Gavrilovic wrote: Paolo Pisati wrote: I just released a new revision of my libalias+ipfw work as a patchset for 6.x, get it here: http://mercurio.srv.dsi.unimi.it/~pisati/libalias/libalias-6.x.tgz To apply it: cp libalias_ipfw.patch /usr/src cd /usr/src patch -p3 < libalias_ipfw.patch then you have to recompile & install: kernel, sbin/ipfw, sbin/natd, sbin/ppp, lib/libalias, sys/modules/ipfw, sys/modules/libalias or simply do a world. When I do: cd /usr/src make update (2006-05-05) make clean ... and cp libalias_ipfw.patch /usr/src cd /usr/src patch -p3 < libalias_ipfw.patch strange... is your src tree clean? cd /usrc/src && find . -name "*.rej" lets's see if some patch didn't apply. P. ___ freebsd-ipfw@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: [6.x patchset] Ipfw nat and libalias modules
Paolo Pisati wrote: I just released a new revision of my libalias+ipfw work as a patchset for 6.x, get it here: http://mercurio.srv.dsi.unimi.it/~pisati/libalias/libalias-6.x.tgz To apply it: cp libalias_ipfw.patch /usr/src cd /usr/src patch -p3 < libalias_ipfw.patch then you have to recompile & install: kernel, sbin/ipfw, sbin/natd, sbin/ppp, lib/libalias, sys/modules/ipfw, sys/modules/libalias or simply do a world. When I do: cd /usr/src make update (2006-05-05) make clean ... and cp libalias_ipfw.patch /usr/src cd /usr/src patch -p3 < libalias_ipfw.patch and make kernel I get the error as follows: ... >>> stage 3.1: making dependencies ... ===> libalias (depend) ===> libalias/kld-cuseeme (depend) "/usr/src/sys/modules/libalias/kld-cuseeme/../../../conf/kmod.mk", line 177: warning: duplicate script for target "alias_cuse "/usr/src/sys/modules/libalias/kld-cuseeme/../../../conf/kmod.mk", line 182: warning: duplicate script for target "alias_cuse "/usr/src/sys/modules/libalias/kld-cuseeme/../../../conf/kmod.mk", line 198: warning: duplicate script for target "alias_cuse "/usr/src/sys/modules/libalias/kld-cuseeme/../../../conf/kmod.mk", line 202: warning: duplicate script for target "alias_cuse "/usr/src/sys/modules/libalias/kld-cuseeme/../../../conf/kmod.mk", line 209: warning: duplicate script for target "alias_cuse "/usr/src/sys/modules/libalias/kld-cuseeme/../../../conf/kmod.mk", line 254: warning: duplicate script for target "@" ignored "/usr/src/sys/modules/libalias/kld-cuseeme/../../../conf/kmod.mk", line 254: warning: duplicate script for target "machine" i "/usr/src/sys/modules/libalias/kld-cuseeme/../../../conf/kmod.mk", line 446: warning: duplicate script for target "lint" igno @ -> /usr/src/sys machine -> /usr/src/sys/i386/include rm -f .depend mkdep -f .depend -a -nostdinc -nostdinc -D_KERNEL -DKLD_MODULE -DHAVE_KERNEL_OPTION_HEADERS -D_KERNEL -DKLD_MODULE -I- -I- cc1: error: -I- specified twice mkdep: compile failed *** Error code 1 Stop in /usr/src/sys/modules/libalias/kld-cuseeme. *** Error code 1 Stop in /usr/src/sys/modules/libalias. *** Error code 1 Stop in /usr/src/sys/modules. *** Error code 1 Stop in /usr/obj/usr/src/sys/GENERIC. *** Error code 1 Stop in /usr/src. *** Error code 1 . Also whel I do make buildworld I get: ... >>> stage 4.2: building libraries ... ===> lib/libalias (all) ===> lib/libalias/lib-cuseeme (all) "/usr/src/share/mk/bsd.lib.mk", line 110: warning: duplicate script for target "libalias_cuseeme.a" ignored "/usr/src/share/mk/bsd.lib.mk", line 111: warning: duplicate script for target "libalias_cuseeme.a" ignored "/usr/src/share/mk/bsd.lib.mk", line 112: warning: duplicate script for target "libalias_cuseeme.a" ignored "/usr/src/share/mk/bsd.lib.mk", line 113: warning: duplicate script for target "libalias_cuseeme.a" ignored "/usr/src/share/mk/bsd.lib.mk", line 138: warning: duplicate script for target "libalias_cuseeme.so.4" ignored "/usr/src/share/mk/bsd.lib.mk", line 139: warning: duplicate script for target "libalias_cuseeme.so.4" ignored "/usr/src/share/mk/bsd.lib.mk", line 141: warning: duplicate script for target "libalias_cuseeme.so.4" ignored "/usr/src/share/mk/bsd.lib.mk", line 145: warning: duplicate script for target "libalias_cuseeme.so.4" ignored "/usr/src/share/mk/bsd.lib.mk", line 181: warning: duplicate script for target "_EXTRADEPEND" ignored cc -O2 -fno-strict-aliasing -pipe -march=pentium-mmx -Werror -Werror -c /usr/src/lib/libalias/lib-cuseeme/../../../sys/neti net/libalias/alias_cuseeme.c building static alias_cuseeme library ranlib libalias_cuseeme.a cc -fpic -DPIC -O2 -fno-strict-aliasing -pipe -march=pentium-mmx -Werror -Werror -c /usr/src/lib/libalias/lib-cuseeme/../.. /../sys/netinet/libalias/alias_cuseeme.c -o alias_cuseeme.So building shared library libalias_cuseeme.so.4 ===> lib/libalias/lib-dummy (all) "/usr/src/share/mk/bsd.lib.mk", line 110: warning: duplicate script for target "libalias_dummy.a" ignored "/usr/src/share/mk/bsd.lib.mk", line 111: warning: duplicate script for target "libalias_dummy.a" ignored "/usr/src/share/mk/bsd.lib.mk", line 112: warning: duplicate script for target "libalias_dummy.a" ignored "/usr/src/share/mk/bsd.lib.mk", line 113: warning: duplicate script for target "libalias_dummy.a" ignored "/usr/src/share/mk/bsd.lib.mk", line 138: warning: duplicate script for target "libalias_dummy.so.4" ignored "/usr/src/share/mk/bsd.lib.mk", line 139: warning: duplicate script for target "libalias_dummy.so.4" ignored "/usr/src/share/mk/bsd.lib.mk", line 141: warning: duplicate script for target "libalias_dummy.so.4" ignored "/usr/src/share/mk/bsd.lib.mk", line 145: warning: duplicate script for target "libalias_dummy.so.4" ignored "/usr/src/share/mk/bsd.lib.mk", line 181: warning: duplicate script for target "_EXTRADEPEND" ignored cc -O2 -fno-strict-aliasing -pipe -march=pentium-mmx -Werror -Werror -c /usr/src/lib/libalias/lib-dummy/../../../sys/net
[6.x patchset] Ipfw nat and libalias modules
I just released a new revision of my libalias+ipfw work as a patchset for 6.x, get it here: http://mercurio.srv.dsi.unimi.it/~pisati/libalias/libalias-6.x.tgz To apply it: cp libalias_ipfw.patch /usr/src cd /usr/src patch -p3 < libalias_ipfw.patch then you have to recompile & install: kernel, sbin/ipfw, sbin/natd, sbin/ppp, lib/libalias, sys/modules/ipfw, sys/modules/libalias or simply do a world. With this patch you get: -ipfw nat + redirect + LSNAT support -libalias modules (both in user and kernel land) -for kernel land, all the libalias modules are installed in /boot/kernel as alias_*.ko. -for user land (natd & ppp), modules are shared lib loaded according to /etc/libalias.conf. To reload modules for a known process, just 'kill -HUP $PID' it. -natd & ppp are patched to use libalias modules If your natd/ppp/ipfw behaves strangely after you applied my patch (i.e. active ftp stops working), remember to check libalias modules. Some ipfw examples: ipfw add nat 666 all from any to any via $IF ipfw nat 666 confg ip 192.168.0.1 # nat with a fixed address ipfw nat 666 confg if $IF log # dynamic if addr nat and logging ipfw nat 666 confg if $IF redir_port ...# redirect support with ipfw nat 666 confg if $IF redir_addr ...# linkspec natd syntax, ipfw nat 666 confg if $IF redir_proto ... # LSNAT works too. # different ipfw rules can be redirected to use # the same nat instance ipfw add nat 666 all from $IP1 to any via $IF1 ipfw add nat 666 all from any to any via $IF2 out ipfw add nat 666 all from $IP2 to $IP3 ipfw nat show # see logs ipfw nat show config# nat configuration To load/unload a libalias module (kernel): kldload alias_ftp # active ftp work ok now kldunload alias_ftp To load/unload a libalias module (user): [edit /etc/libalias.conf and add/cut needed modules] kill -HUP $PID For more info see the readme inside the archive. TODO: Not tested on SMP & !i386, logging ability should be improved(right now it's the same as original libalias), documentation should be man-pagified, patchset for 7.x, etcetc bye -- Paolo "le influenze esterne sono troppe, il mondo reale non e' mica quello fatato dei komunisti :-p" - Anonymous Lumbard ___ freebsd-ipfw@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "[EMAIL PROTECTED]"