Bug #1764
Crash using natd
Status: closed
Description
I upgraded from 2.4.1 to 2.6.3 on the computer that serves as my house
gateway - it does NAT using ipfw2. Shortly after reaching a console login
prompt, my system would crash.
http://www.shiningsilence.com/crash1.jpg
http://www.shiningsilence.com/crash2.jpg
Kernel and core in leaf:~/crash
(core may not be the same panic as when I took these photos; I had some
experimentation to do to get back online.)
It seemed that anything that would have to translate data back across the
exterior interface would cause it. Turning off various programs helped,
but the system would panic again if something external sent data destined
for a computer on the internal side of the network.
Removing these lines from /etc/rc.conf stopped the panics, but also lost
my gateway for internal systems.
gateway_enable="YES"
natd_enable="YES"
natd_interface="em0"
So: is anyone else still using ipfw2 on DragonFly? For NAT? Does it work?
It looks like my next best idea is to switch to pf.
Updated by dillon over 14 years ago
:Removing these lines from /etc/rc.conf stopped the panics, but also lost
:my gateway for internal systems.
:
:gateway_enable="YES"
:natd_enable="YES"
:natd_interface="em0"
:
:So: is anyone else still using ipfw2 on DragonFly? For NAT? Does it work?
:
:It looks like my next best idea is to switch to pf.
I've been using NAT with pf with good success. Basically it's a line
something like this:
extif="sk1"
nat on $extif from 10.0.0.0/16 to any -> ($extif)
I use ipfw2 but only basic rules. We should probably remove the
NAT functionality from ipfw2 entirely.
-Matt
Matthew Dillon
<dillon@backplane.com>
Updated by justin over 14 years ago
Fixed by switching to pf using the config Matt posted. For posterity:
IPFIREWALL and associated options need to be removed from kernel config if
present, and gateway_enable and pf_enable need to be in rc.conf.
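
Added example, not part of the original thread and not DragonFly's own tooling: a POSIX sh check for the end state described in the last comment (gateway_enable and pf_enable set in rc.conf, natd no longer enabled, no IPFIREWALL options left in the kernel config). The function names and the sample file contents are constructed for illustration, and matching the `IPFIREWALL` prefix as "associated options" is an assumption.

```shell
#!/bin/sh
# Added example: static check of a natd -> pf gateway migration.
# Files are grepped, never sourced, so a hostile rc.conf cannot run code here.

# Print the last value assigned to knob $2 in rc.conf-style file $1.
rc_value() {
    sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([^\"'#[:space:]]*\).*/\1/p" "$1" | tail -n 1
}

# Succeed if knob $2 in file $1 is set to a true value.
rc_on() {
    case "$(rc_value "$1" "$2")" in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;;
        *) return 1 ;;
    esac
}

# check_gateway RC_CONF KERNEL_CONFIG: print one line per finding.
check_gateway() {
    for knob in gateway_enable pf_enable; do
        rc_on "$1" "$knob" || echo "MISSING rc.conf: $knob"
    done
    if rc_on "$1" natd_enable; then echo "LEFTOVER rc.conf: natd_enable"; fi
    # "options IPFIREWALL" and IPFIREWALL_* variants; commented lines are ignored.
    sed -n 's/^[[:space:]]*options[[:space:]]\{1,\}\(IPFIREWALL[A-Z_]*\).*/LEFTOVER kernel: \1/p' "$2"
    return 0
}

# Constructed sample input: a half-migrated gateway.
demo_dir=$(mktemp -d)
cat > "$demo_dir/rc.conf" <<'EOF'
gateway_enable="YES"
natd_enable="YES"
natd_interface="em0"
#pf_enable="YES"
EOF
cat > "$demo_dir/KERNEL" <<'EOF'
options   INET
options   IPFIREWALL
options   IPFIREWALL_DEFAULT_TO_ACCEPT
#options  IPFIREWALL_VERBOSE
EOF
check_gateway "$demo_dir/rc.conf" "$demo_dir/KERNEL"
rm -rf "$demo_dir"
```

No output means the two files match the configuration the thread ended on; it says nothing about whether the pf ruleset itself is loaded or correct.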