Dag-Erling Smorgrav wrote:
>
> obituary <[EMAIL PROTECTED]> writes:
> > If anyone can shed some light on my situation (or has experienced
> > similar troubles themselves) I'd be most grateful to hear from you.
>
> You forgot to attach the output of 'ipfw -a l'.

Ok, since my original post I've done a little more testing. The problem
appears to be related to natd. If natd has been run at any time since
booting, the problems occur.

I compiled a fresh kernel on the firewall machine (3.2-RELEASE) without
firewalling options. Everything worked fine -- I was able to cvsup the
firewall box. I then recompiled with the firewalling options enabled,
but set the firewall_type="open" and natd_enable="NO" in rc.conf. Once
again, everything worked fine. I enabled natd to see if I could cvsup
my other machine (4.0-CURRENT) and that's where the trouble started. I
couldn't cvsup the CURRENT box *or* the firewall box after enabling
natd. I couldn't even cvsup the firewall box after taking the divert
rule out!

Listing of ipfw -a l:

    00100   16    1792 allow ip from any to any via lo0
    00200    0       0 deny ip from any to 127.0.0.0/8
    00300 1742  663154 divert 8668 ip from any to any via ppp0
    65000 9023 1751445 allow ip from any to any
    65535    0       0 deny ip from any to any

List of options in my kernel:

    pseudo-device   ether                   #Generic Ethernet
    pseudo-device   loop                    #Network loopback device
    pseudo-device   ppp     2               #Point-to-point protocol
    options         PPP_BSDCOMP             #PPP BSD-compress support
    options         PPP_DEFLATE             #PPP zlib/deflate/gzip support
    options         IPFIREWALL              #firewall
    options         IPFIREWALL_VERBOSE      #print information about dropped packets
    options         IPDIVERT

The command I use for natd is:

    natd -dynamic -n ppp0

I've also tried the -m option, but it makes no difference.

-jake (obituary)                        Powered by FreeBSD
[EMAIL PROTECTED]                       http://www.freebsd.org