Date:      Wed, 05 Sep 2007 21:41:50 -0500
From:      "Chris Bowman (Home)" <>
To:, Chris Bowman <>
Subject:   [6.x patchset] Ipfw nat and libalias modules
Message-ID:  <>


I was recently testing the in kernel nat patch, which is an 
absolutely wonderful addition in my opinion.  I have however run into 
one issue, when for example I do the following:

ipfw nat 10 config ip

The command is accepted, and anything I send to nat process 10 via ipfw 
works as expected.  When I try to add a second NAT instance though, I 
run into a problem, for example:

ipfw nat 20 config ip

My goal is to of course have more than one nat process running, but 
adding anything after that initial first NAT causes a "hang", when I say 
hang I mean I enter the command, hit enter, and am never returned to a 
prompt, if I break with CTRL-C,  then I can get back to the prompt most 
of the time, other times I cannot break out via CTRL-C and just have to 
close that particular shell session.  To note, when I run into this 
hang, the command I ran shows up as a process, ie like this :

3839    p3   R+               0:02.67 ipfw nat 30 config ip

At this point, if I can't break out via CTRL-C, in another shell on the 
same machine I tried to kill the process, then kill -9, neither works, 
the process stays until I reboot the machine.

Finally, just to note, even if the command doesn't return me to a shell 
prompt, or even if it hangs, the nat processes themselves do work, if I 
do a "ipfw nat show config", all is well, and I've tested to be sure, 
the nat processes are definitely active and working as they should.

To reproduce the problem I'm seeing, simply try:

ipfw nat 10 config ip  <== Works Fine
ipfw nat 20 config ip  <== Won't return you back to a shell Prompt

I've tried this on x86 as well as AMD64, both having the same exact 
problem.  Both machines are running 6.1-RELEASE-p19

Please let me know if I can help with additional information, and by the 
way, aside from this small issue, in kernel nat is absolutely awesome, 
thanks for all the hard work!

Chris Bowman
