I'm not really sure where this bug fits as it is a problem with natd/carp. I have 2 router systems that I just upgraded from 10.3 to 11.0. Both just basic installs running natd and carp. When I have the 2 systems up and running one is master and the other is in backup status. The natd on the backup system is still somehow impacting traffic. If I go into the backup system and do a /etc/rc.d/natd stop... traffic starts to flow thru the master system again. All of my other systems point to the carp vip 192.168.32.1 as their default gateway. The natd is configured on the carp vip of 10.140.241.5. Here are my configs. If there is anything else that you need to help troubleshoot this... please let me know.

Thanks
Don

Master rc.conf:

    ifconfig_em1="inet 192.168.32.111 netmask 255.255.248.0"
    ifconfig_em1_alias0="inet vhid 111 pass ch@ng3m3 alias 192.168.32.1/21"
    ifconfig_em2="inet 10.140.241.3 netmask 255.255.255.240"
    ifconfig_em2_alias0="inet vhid 120 pass ch@ng3m3 alias 10.140.241.5/28"
    defaultrouter="10.140.241.2"
    gateway_enable="YES"
    firewall_enable="YES"
    firewall_logging="YES"
    firewall_type="open"
    firewall_script="/etc/ipfw.rules"
    natd_enable="YES"
    natd_interface="10.140.241.5"
    natd_flags="-f /etc/natd.conf"

Master natd.conf:

    port 8668
    alias_address 10.140.241.5
    log_denied yes
    deny_incoming no
    use_sockets yes
    same_ports no
    log_ipfw_denied yes

Backup rc.conf:

    ifconfig_em1="inet 192.168.32.112 netmask 255.255.248.0"
    ifconfig_em1_alias0="inet vhid 111 advskew 50 pass ch@ng3m3 alias 192.168.32.1/21"
    ifconfig_em2="inet 10.140.241.4 netmask 255.255.255.240"
    ifconfig_em2_alias0="inet vhid 120 advskew 50 pass ch@ng3m3 alias 10.140.241.5/28"
    defaultrouter="10.140.241.2"
    gateway_enable="YES"
    firewall_enable="YES"
    firewall_logging="YES"
    firewall_type="open"
    firewall_script="/etc/ipfw.rules"
    natd_enable="YES"
    natd_interface="10.140.241.5"
    natd_flags="-f /etc/natd.conf"

Backup natd.conf:

    port 8668
    alias_address 10.140.241.5
    log_denied yes
    deny_incoming no
    use_sockets yes
    same_ports no
    log_ipfw_denied yes
Looking at top... the natd process on both servers spikes to around 100% when both servers are running natd. natd drops to around 1% when you stop the service on the other server. Thanks
Has anyone looked into this yet... it is still a problem on 11.0-RELEASE-p9.
(In reply to Don Randolph from comment #2) Your problem may be related to this one: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=209491 Please try the workaround mentioned there: add the following rule to your ipfw ruleset:

    ${fwcmd} add 51 deny ip from any to any out recv ${natd_interface} xmit ${natd_interface} diverted
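The reporter's /etc/ipfw.rules is not shown in the thread, so as an added illustration (not a file from this bug report or from FreeBSD's rc.firewall) here is a minimal sh ruleset for the natd/carp pair above that places the workaround rule directly after the divert rule. The addresses and natd port are the ones posted; the rule numbers 50 and 65000, the catch-all allow, and the helper function names are assumptions. The ordering matters because a packet re-injected by natd resumes matching at the rule following the divert rule, so the deny must sit right behind it.

```shell
#!/bin/sh
# Added example: minimal /etc/ipfw.rules for a natd + CARP pair.
# Not from the bug thread; rule numbers and helper names are assumptions.

natd_interface="10.140.241.5"   # alias_address shared via CARP vhid 120 (from the posted configs)
natd_port="8668"                # "port 8668" in natd.conf (from the posted configs)

# Print the ruleset in the order it must be loaded.
# Rule 51 is the workaround from bug 209491: drop packets that were already
# diverted through natd and would leave on the same interface they arrived on,
# which is the path that lets the two natd instances bounce traffic between them.
build_rules() {
    cat <<EOF
add 50 divert ${natd_port} ip4 from any to any via ${natd_interface}
add 51 deny ip from any to any out recv ${natd_interface} xmit ${natd_interface} diverted
add 65000 allow ip from any to any
EOF
}

# Sanity check run before loading: the deny rule must immediately follow the
# divert rule. Exits 0 when the order is right, 1 otherwise.
check_order() {
    build_rules | awk '
        /^add 50 divert/ { d = NR }
        /^add 51 deny/   { n = NR }
        END { if (d && n == d + 1) exit 0; exit 1 }'
}

# Load the ruleset into the kernel, one command per line, only when ipfw is
# actually present (so the script is harmless on a non-FreeBSD host).
apply_rules() {
    fwcmd="${1:-/sbin/ipfw}"
    [ -x "$fwcmd" ] || { echo "ipfw not found at $fwcmd" >&2; return 1; }
    check_order || { echo "rule order check failed" >&2; return 1; }
    "$fwcmd" -q flush
    build_rules | while read -r line; do
        # shellcheck disable=SC2086
        "$fwcmd" -q $line
    done
}

# Usage on the router: ./ipfw.rules  (or set firewall_script to this file)
[ "${0##*/}" = "ipfw.rules" ] && apply_rules
```

On the routers the file would be named /etc/ipfw.rules and referenced by firewall_script as in the posted rc.conf; both master and backup carry the same rule 51, since the loop only stops when the backup's natd is prevented from re-emitting traffic it received on the shared alias address.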
That looks like it has done the trick... thank you so much. Is this going to be the permanent fix or just a temporary work around?
(In reply to Don Randolph from comment #4) That's a temporary workaround until Someone(TM) fixes the breakage.
Carp seems unrelated to the problem but a pair of natd instances in the same broadcast domain are. *** This bug has been marked as a duplicate of bug 209491 ***