ipfw does not work after reboot

[suhijo]

Hello people.

I have recently installed FreeBSD as my main production gateway/firewall and it works just fine. After a sudden power failure, I have noticed that every time I reboot the system the Internet conection works from/to my firewall only. (ping from the gateway)

nirvana# ping google.com                              
PING google.com (74.125.159.147): 56 data bytes
64 bytes from 74.125.159.147: icmp_seq=0 ttl=54 time=118.711 ms
64 bytes from 74.125.159.147: icmp_seq=1 ttl=54 time=118.750 ms                  
64 bytes from 74.125.159.147: icmp_seq=2 ttl=54 time=115.736 ms
64 bytes from 74.125.159.147: icmp_seq=3 ttl=54 time=123.913 ms

It does not act as a gateway for my LAN only after I restart the service ipfw.

nirvana# service ipfw restart
net.inet.ip.fw.enable: 1 -> 0
net.inet6.ip6.fw.enable: 1 -> 0
Stopping natd.
Waiting for PIDS: 779.
Firewall rules loaded.
Firewall logging enabled.
Starting natd.
nirvana#

And I got this in my rc.conf file:

...
gateway_enable="YES"
firewall_enable="YES"
firewall_type="open"
firewall_script="/etc/firewall"
firewall_logging="YES"
natd_enable="YES"
natd_interface="rl0"
natd_flags="-f /etc/natd.conf"
...

So what can it be? And thanks already for upcoming reply.

 

[wblock@]

Some interfaces take a long time to come up, and the firewall starting before the LAN interface is up would act that way. Jeremy Chadwick wrote a script to fix that. Worth testing a different brand of interface for the LAN, if you have one available.

 

[suhijo]

So, is it some kind of bug?. Also just to mention, I installed pfSense just for fun, and did work with it.

 

[wblock@]

More of a desired but previously unimplemented feature. Jeremy Chadwick's script or a comparable implementation will probably end up in the base system.

pfSense may do something similar, or may not see the same problem due to different methods.