|
||||||||||
On 22.02.2005 20:46 -0500, Chris Buechler wrote: > On Wed, 23 Feb 2005 01:56:24 +0100, Dennis Karlsson > <dennis at denniskarlsson dot com> wrote: >> >> I can't get beta5 to work with incoming connections while the >> Traffic Shaper is enabled. >> > > Two verified cases of inbound NAT no longer working after upgrade > with traffic shaping enabled here, WRAP and 45xx images. It > immediately works again after disabling traffic shaper. OK, I've investigated the problem and found the cause. It's already been described in a FreeBSD PR: <http://www.freebsd.org/cgi/query-pr.cgi?pr=kern/76539> Only in m0n0wall the situation is reversed (the problem happens on the input side rather than the output side) because I've modified the processing order of ipfw and ipfilter such that the following is true: outbound packets: ipfw -> ipfilter inbound packets: ipfilter -> ipfw This is so that you can write traffic shaper rules with internal source IPs for outbound packets on WAN (rather than after NAT, where you'd just see m0n0wall's WAN IP address as the source). Anyway - the fix described in that PR works similarly for ip_input.c, and it'll be in the next beta release. Thanks everybody for reporting this issue! - Manuel |