Solved Changing natd interface without reboot

[hschauhan]

I usually use wlan as the natd interface. It gives my bhyve guests internet access. When I connect a wired interface, I change natd interface in rc.con to wired interface. Then I restart natd. When I look at "ps ax | grep natd" output, I see that it has changed the interface but the guest looses internet connectivity. I tried restarting routing, then setting default gateway. The host can ping outside but guest still doesn't have connectivity. Only after I reboot, everything else works fine.

I has dnsmasq running which gives IP to guests over bridge0. The guest is connected to bridge on tap0.

I am fairly new to FreeBSD and tried everything I could find on internet. I believe either there is a service restart missing or the order I am restarting the services is wrong. Please help!

 

[SirDice]

When using DHCP you probably need to restart that; service dhclient restart <interface> i.e. service dhclient restart em0.

 

[hschauhan]

I did a tcpdump on both working and not working case.

In working case:
IP 192.168.29.207 > 8.8.8.8: ICMP echo request, id 1, seq 6, length 64
IP 8.8.8.8 > 192.168.29.207: ICMP echo reply, id 1, seq 6, length 64

In non-working case (example, lost the log after reboot):
IP 192.168.16.160 > 8.8.8.8: ICMP echo request, id 1, seq 6, length 64
IP 192.168.16.160 > 8.8.8.8: ICMP echo request, id 1, seq 6, length 64

192.168.16.x is assigned by dnsmasq to the guest.

Seems like natd stops translating the addresses. The packet goes out as 192.168.16.x and on reply my ISP router doesn't know what to do about it and hence drops.

 

[hschauhan]

Got it working!

For anyone else:
Instead of restarting natd, restart ipfw.

# service ipfw restart

ipfw restart will restart natd and update the firewall rules.

This post can be marked as solved. Thanks SirDice for your reply!

 

[smithi]

I usually use wlan as the natd interface. It gives my bhyve guests internet access. When I connect a wired interface, I change natd interface in rc.con to wired interface. Then I restart natd.

It's been many years since I last ran natd(8), so I just browsed the manpage, but if you use -dynamic, can't you change interface and/or address on the fly?

Could you show your natd command/s and/or config file contents, obscured as needed?

Also, what ipfw rules are used?

 

[hschauhan]

It's been many years since I last ran natd(8), so I just browsed the manpage, but if you use -dynamic, can't you change interface and/or address on the fly?

Could you show your natd command/s and/or config file contents, obscured as needed?

Also, what ipfw rules are used?

Hi smithi

natd.conf has:

dynamic yes
use_sockets yes
same_ports yes

dynamic has always been one of the flag. But it doesn't dynamically pickup
ipfw(8) rules are default. I haven't added anything.

As I said in previous post, restarting ipfw instead of natd, solves the issue.

 

[smithi]

Sorry, I missed this arriving while composing mine ...

ipfw restart will restart natd and update the firewall rules.

Great, that makes sense.

This post can be marked as solved. Thanks [FONT=monospace]SirDice[/FONT] for your reply!

You can edit that yourself.