From: Paolo Pisati
Date: Wed, 17 Dec 2008 10:34:54 +0100
To: Joe Marcus Clarke
Cc: current
Subject: Re: NAT (ipfw/natd) broken in latest -CURRENT
Message-ID: <4948C7BE.7070602@oltrelinux.com>
In-Reply-To: <1229476796.49670.7.camel@shumai.marcuscom.com>

Joe Marcus Clarke wrote:
> I just upgraded my i386 -CURRENT box from November 14 to today, and now
> my SSH-over-PPP VPN tunnel no longer works. I did some packet captures,
> and it appears that NAT is no longer working. If I send a telnet packet
> from my client side over the PPP tunnel, I see the SYN go out on the
> server side network properly translated. The destination host ACKs
> correctly, but the ACK never goes back across the tunnel. It's as if
> natd is no longer translating the packet on the inbound path. Besides
> the upgrade, nothing has changed in my environment.
>

lately some work has been done on the vimage and routing tree stuff,
thus your best bet is to go back some days and try again.

--
bye,
P.