Hello.
Am I right in thinking that the "if interface" and "reset" parameters should be
enough to handle a changing address (DHCP) on the external interface?
My rules:
ipfw -q nat 1 config reset if $if_ext log same_ports
ipfw -q add nat 1 udp from $jail_ip to $dns out xmit $if_ext jail $jail_jid
ipfw -q ad
Synopsis: [ipfw] IPFW Rules bug
State-Changed-From-To: open->closed
State-Changed-By: olli
State-Changed-When: Wed Aug 4 15:07:12 UTC 2010
State-Changed-Why:
According to the originator, this PR can be closed.
http://www.freebsd.org/cgi/query-pr.cgi?pr=97504
The following reply was made to PR kern/97504; it has been noted by GNATS.
From: Oliver Fromme
To: bug-follo...@freebsd.org, freebsd-ipfw@FreeBSD.org,
marcelo...@hotmail.com (Marcelo Machado)
Cc:
Subject: Re: kern/97504: [ipfw] IPFW Rules bug
Date: Wed, 4 Aug 2010 15:38:13 +0200 (CEST)
Hello Marcelo,
I just stumbled across this old PR which is still open.
Apparently the problem was caused by missing DNS access,
not a bug in IPFW itself. Note that DNS queries often
happen "behind the scenes". Even if you use IP numbers
only, many programs will try to perform reverse-lookup.
D