Date: Tue, 17 Feb 2009 18:28:35 +0100 From: n j <nino80@gmail.com> To: freebsd-ipfw@freebsd.org Subject: Re: in-kernel nat and stateful inspection hangs system 7.1 RELEASE Message-ID: <92bcbda50902170928gd0fc74bs7b7836fe92c4609b@mail.gmail.com> In-Reply-To: <92bcbda50902170924h167125f2vf054ffd481ec1831@mail.gmail.com> References: <1d3a1860902160108j372b4446pd21760984d253627@mail.gmail.com> <200902161428.n1GESLvL015103@lurza.secnetix.de> <1d3a1860902161412w2225734do71939efd32346a23@mail.gmail.com> <92bcbda50902170924h167125f2vf054ffd481ec1831@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Sorry, hit the wrong key combo and message went before I finished it :( ... > Here is the rule that after a short while (probably the first packet > to match the rule) freezes the machine: > ipfw -q flush ipfw -q nat 123 config ip a.b.c.d log ipfw -q disable one_pass ... > ipfw add 00003 nat 123 log ip from x.x.x.0/24 to > a.b.c.0/24,a.b.d.0/24,a.b.e.0/24 out # keep-state here causes freeze > ... further down the chain... ipfw add 00900 check-state If anyone else experienced similar cases, I invite them to share. Regards, -- nino
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?92bcbda50902170928gd0fc74bs7b7836fe92c4609b>