Subject: Re: ipnat completely hosed in current 2.0E(?)
To: None <current-users@NetBSD.org, christianbiere@gmx.de>
From: Frank Kardel <kardel@project.acrys.com>
List: current-users
Date: 04/26/2004 08:46:35
Christian Biere wrote:

>Hi,
>
>several hours ago I've updated the sources from CVS and successfully
>built 2.0E userland & kernels. After installing and rebooting NAT didn't
>work at all, I couldn't get a TCP connection from behind the router. Also
>ipf blocked packets from the machine the router it was supposed to pass
>as if "keep state" wasn't respected. So I had to downgrade the machine.
>
My experiences are somewhat mixed. I do get panics during ifconfigs of
bge0 in the inet6 output path (see PR/25227). Since then I do not
automatically start ipnat/ipf at boot. I still have those panics at
system shutdown.

It seems to work when you do forcestarts after system boot. I am not
sure whether configuration always succeeds, as I was adjusting the rules
to match the extended error checking. Check for the rules actually being
active with ipfstat -i and ipfstat -o.
"keep state" works for me. Generally, except for PR/25227, ipf works
after ensuring that rules are loaded.

Frank