IPFW Adding port forwarding to generic kernel breaks mail in/out

Hi all,
Upgraded to 14.0. Mail flowed fine in and out. Was running sendmail to receive and forward and popd to get mail to our Windows Thunderbird clients.
Generated a custom kernel using config file /usr/src/sys/i386/conf/NATKERNEL
Code:
include GENERIC
ident NATKERNEL
options         IPFIREWALL              # CAH - enables firewall
options         IPDIVERT                # CAH - enables NAT
When I booted into NATKERNEL, all mail stopped flowing. The system did not accept mail and did not serve mail. Both of those daemons do not seem to be running.
When I was on 12.3 with the same NATKERNEL, mail was fine.
Where do I start to figure this out?
Thanks much,
Charles
 
As far as I know, you do not need to build a custom kernel to enable IPFW on FreeBSD 12.x.
It works fine when loaded as a module.

I did not use 14.0 and can't check how it works.

In my opinion, you can try to enable ipfw without building a custom kernel.
Just enable ipfw in /etc/rc.conf and check the list of loaded modules using kldstat.
Example of the output:
Code:
% kldstat
Id Refs Address            Size     Name
 1   29 0xffffffff80200000 1f67a88  kernel
 2    1 0xffffffff82169000 25d30    geom_mirror.ko
 3    2 0xffffffff82221000 23528    ipfw.ko
 4    1 0xffffffff82245000 5285     ipdivert.ko

Keep in mind:
you must have an ipfw configuration before enabling/loading ipfw.
Otherwise ipfw will block all communications with the default rule, like "65535 deny all from any to any".

For your case with 14.0:
try checking the loaded ipfw rules when mail works and when it does not.
 
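An added example, not part of either post: a small first-match check over `ipfw list` output, showing whether SMTP (25) or POP3 (110) connections reach an allow rule before the default rule 65535 that the reply mentions. The `verdict` function, the sample rulesets and the simplified rule grammar it accepts are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): which rule decides an inbound TCP
# connection to a given port, given `ipfw list` output on stdin.
# Assumption: simplified model. Only rules shaped like
#   NUM allow|deny ip|all|tcp from any to any|me [dst-port P,P-Q] [setup|keep-state|in]
# are evaluated; all other rules (via IF, specific addresses, divert) are skipped.
verdict() {
    awk -v port="$1" '
    function port_ok(list,    n, k, p, r) {
        n = split(list, p, ",")
        for (k = 1; k <= n; k++) {
            if (split(p[k], r, "-") == 2) {
                if (port + 0 >= r[1] + 0 && port + 0 <= r[2] + 0) return 1
            } else if (p[k] + 0 == port + 0) return 1
        }
        return 0
    }
    $2 != "allow" && $2 != "deny"             { next }
    $3 != "ip" && $3 != "all" && $3 != "tcp"  { next }
    $4 != "from" || $5 != "any" || $6 != "to" { next }
    $7 != "any" && $7 != "me"                 { next }
    {
        i = 8
        if ($i == "dst-port") {
            if (!port_ok($(i + 1))) next
            i += 2
        }
        for (; i <= NF; i++)
            if ($i != "setup" && $i != "keep-state" && $i != "in") next
        print $1, $2          # first matching rule wins in ipfw
        found = 1
        exit
    }
    END { if (!found) print "no-match" }'
}

# Constructed sample rulesets (not taken from the poster's machine).
DEFAULT_ONLY='65535 deny ip from any to any'
MAIL_RULES='00100 allow ip from any to any via lo0
00200 allow tcp from any to me dst-port 25,110 setup
65535 deny ip from any to any'

for p in 25 110; do
    echo "default-only port $p: $(printf '%s\n' "$DEFAULT_ONLY" | verdict "$p")"
    echo "mail rules   port $p: $(printf '%s\n' "$MAIL_RULES" | verdict "$p")"
done
```

On the host itself the same check can be fed the live ruleset with `ipfw list | verdict 25`; a result of `65535 deny` means no earlier modelled rule admits the connection.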