Date:      Fri, 11 Jul 2003 18:20:53 -0500
From:      Vulpes Velox <kitbsdlists@HotPOP.com>
To:        Matthew Emmerton <matt@compar.com>
Cc:        questions@freebsd.org
Subject:   Re: Dead natd -> dead system
Message-ID:  <20030711182053.022b3292.kitbsdlists@HotPOP.com>
In-Reply-To: <20030710165545.L32209-100000@skippyii.compar.com>
References:  <200307101957.NAA01395@lariat.org> <20030710165545.L32209-100000@skippyii.compar.com>

On Thu, 10 Jul 2003 16:56:12 -0400 (EDT)
Matthew Emmerton <matt@compar.com> wrote:

> On Thu, 10 Jul 2003, Brett Glass wrote:
> 
> > While working with a FreeBSD system this afternoon, I did something which killed
> > natd (the NAT daemon), which was processing packets in the usual way via ipfw
> > and a divert socket.
> >
> > The result? Network communications on the system simply went dead.
> >
> > It seems to me that ipfw should be able to "self-heal" (that is, bypass the
> > rule) or reinvoke a daemon that's attached to a divert socket. Otherwise,
> > the process that's attached to the socket becomes an Achilles' heel for
> > the whole system. Crash it for any reason, and the system's offline.
> >
> > Ideas?
> 
> Use kernel-mode IPNAT instead of user-mode natd?

What is kernel-mode IPNAT?


