Another gratuitous lesson learned from upgrading my net5501 from FreeBSD 8.0R to 8.1R. May it save others who follow. -Jed
If you're using natd with ipfw in FreeBSD 8.0 or earlier and upgrade to FreeBSD 8.1, you may need to modify your ipfw divert rules slightly. The following works up through 8.0, but will fail with no indications in 8.1: > add 300 divert natd ip from any to any in via vr1 > add 60000 divert natd ip from any to any out via vr1 You need to change the "ip" to "ip4" in divert rules. For example: > add 300 divert natd ip4 from any to any in via vr1 > add 60000 divert natd ip4 from any to any out via vr1 And since "ip" and "any" are supposedly synonyms, I'd guess you'd need to change "any" in a divert rule to "ip4" as well. I saw no explanation on why this is needed. My guess is natd is choking on non-IPv4 packets now, where it ignored them in the past. Note, I use the cpp preprocessor on my ipfw rules, so your syntax might be slightly different. _______________________________________________ Soekris-tech mailing list Soekris-tech@lists.soekris.com http://lists.soekris.com/mailman/listinfo/soekris-tech
