kern/167768: [ipfilter] Fatal trap in ipfilter/ipnat
Darren Reed
darrenr at freebsd.org
Tue Jun 5 18:34:53 UTC 2012
The problem is that you have a port range of 0 in an
ipnat.conf line. Quick solution is to ensure that all
ipnat.conf lines specify a range of ports of greater than 0.
Otherwise patch below applies.
Darren
--- /tmp/ip_nat.c.orig 2012-06-06 04:31:31.000000000 +1000
+++ /tmp/ip_nat.c 2012-06-06 04:31:41.000000000 +1000
@@ -2040,7 +2040,7 @@
port = np->in_pnext;
} else {
port = ipf_random() % (ntohs(np->in_pmax) -
- ntohs(np->in_pmin));
+ ntohs(np->in_pmin) +1);
port += ntohs(np->in_pmin);
}
port = htons(port);
More information about the freebsd-net
mailing list