Date: Sat, 26 Dec 2009 22:21:04 +0100
From: Luigi Rizzo
To: Joe Marcus Clarke
Cc: luigi@freebsd.org, FreeBSD Current
Subject: Re: NAT broken in -CURRENT
Message-ID: <20091226212104.GA10498@onelab2.iet.unipi.it>
In-Reply-To: <1261859138.1555.26.camel@shumai.marcuscom.com>

On Sat, Dec 26, 2009 at 03:25:38PM -0500, Joe Marcus Clarke wrote:
...
> I updated my -CURRENT box yesterday. After a reboot, NAT no longer
> works. That is, if I have natd running with ipfw diverting packets to
> it, the box is a big black hole. No packets leave. I do see all
...
> I have a feeling the new ipfw code merged ~ 11 days ago is the cause of
> the problem. Thinking that perhaps the new modularity is causing this
> problem, I also added the following two options to my kernel:
>
> options IPFIREWALL_NAT
> options LIBALIAS
>
> They did not help. I have not tried using a purely modular ipfw/NAT
> combination, but I will attempt that later today. I didn't see anything
> obvious in UPDATING. Any suggestions, or any recommendations for
> specific troubleshooting data to capture? Thanks.

The changes were not expected to affect configuration or operation,
so clearly I must have broken something in the reinjection process.
If you have a chance of looking at the ipfw counters (to see whether
packets are reinjected and where they end up) that would be helpful.

I'll try to run some tests here tomorrow or more likely on Monday.

cheers
luigi
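
One way to do the counter check suggested in the reply, as an added example that is not part of the original thread: compare two `ipfw show` snapshots taken before and after sending test traffic and report which rules counted packets. The rule lines, the divert port and the helper names `counter_deltas` and `divert_verdict` are constructed for illustration, and the ruleset is assumed unchanged between the two snapshots.

```shell
#!/bin/sh
# Added example. Snapshots are constructed, in the column layout of `ipfw show`:
# rule number, packet count, byte count, rule body.
SNAP_BEFORE='00050 100 8400 divert 8668 ip4 from any to any via em0
00100 20 1680 allow ip from any to any via lo0
65000 300 25200 allow ip from any to any
65535 0 0 deny ip from any to any'
SNAP_AFTER='00050 160 13440 divert 8668 ip4 from any to any via em0
00100 20 1680 allow ip from any to any via lo0
65000 300 25200 allow ip from any to any
65535 0 0 deny ip from any to any'

# counter_deltas BEFORE AFTER (hypothetical helper)
# Prints "<rule> <packet delta> <rule body>" for each rule whose packet
# counter moved. Rules are paired by position, since several rules may
# share one rule number.
counter_deltas() {
    printf '%s\n---\n%s\n' "$1" "$2" | awk '
        $0 == "---" { second = 1; next }
        !second { before[++n1] = $2; next }
        {
            delta = $2 - before[++n2]
            if (delta == 0) next
            body = $0
            sub(/^[0-9]+[ \t]+[0-9]+[ \t]+[0-9]+[ \t]+/, "", body)
            printf "%s %d %s\n", $1, delta, body
        }'
}

# divert_verdict BEFORE AFTER (hypothetical helper)
# divert-only:     a divert rule counted packets, no later rule did
# later-rules-hit: rules after the divert rule counted packets too; a hint
#                  only, since they also count traffic that was never diverted
# no-divert-hits:  no divert rule counted packets
divert_verdict() {
    counter_deltas "$1" "$2" | awk '
        $3 == "divert" { diverted = 1; next }
        diverted { later = 1 }
        END {
            if (!diverted) print "no-divert-hits"
            else if (later) print "later-rules-hit"
            else print "divert-only"
        }'
}

counter_deltas "$SNAP_BEFORE" "$SNAP_AFTER"
divert_verdict "$SNAP_BEFORE" "$SNAP_AFTER"
```

A `divert-only` result matches the symptom described in the thread: packets reach the divert rule but nothing after it counts them.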