From owner-freebsd-ipfw@FreeBSD.ORG Thu Sep 6 03:09:27 2007 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 817FC16A418 for ; Thu, 6 Sep 2007 03:09:27 +0000 (UTC) (envelope-from chrishome@austin.rr.com) Received: from smtpout07.prod.mesa1.secureserver.net (smtpout07-04.prod.mesa1.secureserver.net [64.202.165.233]) by mx1.freebsd.org (Postfix) with SMTP id 4FB7C13C45E for ; Thu, 6 Sep 2007 03:09:27 +0000 (UTC) (envelope-from chrishome@austin.rr.com) Received: (qmail 32431 invoked from network); 6 Sep 2007 02:42:23 -0000 Received: from unknown (70.113.73.215) by smtpout07-04.prod.mesa1.secureserver.net (64.202.165.233) with ESMTP; 06 Sep 2007 02:42:23 -0000 Message-ID: <46DF68EE.1010905@austin.rr.com> Date: Wed, 05 Sep 2007 21:41:50 -0500 From: "Chris Bowman (Home)" User-Agent: Thunderbird 2.0.0.6 (Windows/20070728) MIME-Version: 1.0 To: freebsd-ipfw@freebsd.org, Chris Bowman Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: Subject: [6.x patchset] Ipfw nat and libalias modules X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 06 Sep 2007 03:09:27 -0000 I was recently testing the in kernel nat patch, which is an absolutely wonderful addition in my opinion. I have however run into one issue, when for example I do the following : ipfw nat 10 config ip 2.2.2.2 The command is accepted, and anything I sent to nat process 10 via ipfw works as expected. When I try to add a second NAT instance though, I run into a problem, for example : ipfw nat 20 config ip 3.3.3.3 My goal is to of course have more than one nat process running, but adding anything after that initial first NAT causes a "hang", when I say hang I mean I enter the command, hit enter, and am never returned to a prompt, if I break with CTRL-C, then I can get back to the prompt most of the time, other times I cannot break out via CTRL-C and just have to close that particular shell session. To note, when I run into this hang, the command I ran shows up as a process, ie like this : 3839 p3 R+ 0:02.67 ipfw nat 30 config ip 4.4.4.4 At this point, if I can't break out via CTRL-C , in another shell on the same machine I tried to kill the process, then kill -9, neither works, the process stays until I reboot the machine. Finally, just to note, even if the command doesn't return me to a shell prompt, or even if it hangs, the nat processes themselves to work, if I do a "ipfw nat show config" , all is well, and I've tested to be sure, the nat processes are definitely active and working as they should. To reproduce the problem Im seeing, simply try : ipfw nat 10 config ip 1.1.1.1 <== Works Fine ipfw nat 20 config ip 2.2.2.2 <== Won't return you back to a shell Prompt I've tried this on x86 as well as AMD64, both having the same exact problem. Both machines are running 6.1-RELEASE-p19 Please let me know if I can help with additional information, and by the way, aside from this small issue, in kernel nat is absoulutely awesome, thanks for all the hard work! Chris Bowman