IPDIVERT natd panic

Ben Woolley tautolog at gmail.com
Wed Jun 15 18:29:30 PDT 2005


Hello,

http://65.102.47.196/dfly/
That has the messages, kernel config, dumps, and firewall rules.

I am using Preview cvsupped about 24 hours ago, using gcc34. 

I followed the directions outlined in man firewall first, and that
caused a crash, but I thought I might have misconfigured something
because right before the crash, an ipfw show revealed a huge number
of packets being diverted (in the millions) after less than a minute.
So I tried it the simpler way noted in man natd. I figured I had just
run out of mbufs or something because I did something recursive.
Anyway, this is about the second case, because it is more specific.

I have IPDIVERT in my kernel config, made sure the sysctl settings
were right, ran natd -interface fxp0 (the other interface is xl0), and
did:

ipfw add 300 divert natd all from any to any via fxp0

There were some other firewall rules, which I posted above, which were
similar to the ones outlined in man firewall, but for only two
interfaces, and without the first three related to natd, and they are
running now just fine. I have the lines I was using for natd the first
time in the file, but they are commented out.

As soon as I added that firewall rule, the first packet would cause
the crash. I tried a ping google.com and that made it crash that
instant. I didn't have time to do a ping when I got the dump. A packet
just came in and triggered it in a second. I also had an ipnat rule
when I started up, but I cleared it for testing natd, and you can see
my command to do so in messages.

BTW, I am using pf and ipnat now, and it is working great. :)

Thank you for providing this alternative FreeBSD path. :)

- Ben Woolley





