Re: in-kernel nat and stateful inspection hangs system 7.1 RELEASE

2009-02-17 Thread Ian Smith
On Wed, 18 Feb 2009, Roman Kurakin wrote: > n j wrote: > > > About 2 Minutes later after apply this rule set, system writes that bge1 > > > watchdog timeout --- resetting and then system hangs, keyboard doesnt > > > response. No logs can be observed. > > > > > > When i remove all skipto and

Re: in-kernel nat and stateful inspection hangs system 7.1 RELEASE

2009-02-17 Thread Roman Kurakin
n j wrote: About 2 Minutes later after apply this rule set, system writes that bge1 watchdog timeout --- resetting and then system hangs, keyboard doesnt response. No logs can be observed. When i remove all skipto and checkstate rules, system work properly without problems. I suspect about state

Re: in-kernel nat and stateful inspection hangs system 7.1 RELEASE

2009-02-17 Thread n j
> About 2 Minutes later after apply this rule set, system writes that bge1 > watchdog timeout --- resetting and then system hangs, keyboard doesnt > response. No logs can be observed. > > When i remove all skipto and checkstate rules, system work properly > without problems. I suspect about statefu

Re: in-kernel nat and stateful inspection hangs system 7.1 RELEASE

2009-02-17 Thread n j
Sorry, hit the wrong key combo and message went before I finished it :( ... > Here is the rule that after a short while (probably the first packet > to match the rule) freezes the machine: > ipfw -q flush ipfw -q nat 123 config ip a.b.c.d log ipfw -q disable one_pass ... > ipfw add 3 nat 123

Re: in-kernel nat and stateful inspection hangs system 7.1 RELEASE

2009-02-16 Thread Özkan KIRIK
Thanks for you reply, it is only a typo. at real rule set it is correctly written. i wanna use stateful inspection. On Mon, Feb 16, 2009 at 4:28 PM, Oliver Fromme wrote: > Hello, > > Unfortunately I can't help you with your actual problem, > but I have a few remarks that might be helpful. > > Öz

Re: in-kernel nat and stateful inspection hangs system 7.1 RELEASE

2009-02-16 Thread Oliver Fromme
Hello, Unfortunately I can't help you with your actual problem, but I have a few remarks that might be helpful. Özkan KIRIK wrote: > i am using FreeBSD 7.1 RELEASE as gateway (about 2000 clients 90vlans via > if_vlan) . > My Server is HP DL380 G4. I am using the on board gigabit nic as wan >

in-kernel nat and stateful inspection hangs system 7.1 RELEASE

2009-02-16 Thread Özkan KIRIK
Hi, i am using FreeBSD 7.1 RELEASE as gateway (about 2000 clients 90vlans via if_vlan) . My Server is HP DL380 G4. I am using the on board gigabit nic as wan interface which uses bge driver. My rule set is below: wan_intf="bge1" ipfw nat 100 config ip X.X.X.1 reset same_ports ipfw nat 101 config