I tried upgrading my server from 5.4 to 6.0 the other day. I noticed a
couple of things:
pfctl does not work with 6.0. It complains about certain ioctls, so I
would assume that the interface has changed. pf(4) on the FreeBSD
website should show you the difference. This was rather inconvenient,
because (as I'm sure you probably know) if you load pf.ko, the default
is deny, and therefore ssh doesn't work. Luckily, the server sits in my
apartment, so I could log in via the console.
bind9, while not stellar on 5.4, hangs on 6.0. On 5.4, it eventually
returns SERVFAIL for every request. On 6.0, it won't even start. This
may have been fixed, as I last experienced this a while ago, since I got
rid of bind9 and replaced it with pdns-{server,recursor}, which has had
no problems at all. I don't know what y'all think, but I personally
wouldn't mind a bit if we didn't support bind9.
Upon reinstalling 5.4 and rebooting into it, I found NAT didn't work.
After several hours, I finally discovered it was because IP forwarding
wasn't enabled, even though I had it in /etc/sysctl.conf. When I ran
sysctl to load it, I found that /bin/sysctl (the wrapper) was still
calling sysctl.real for that case. I changed it to /lib/freebsd/sysctl,
and all was well.
So, in order, someone should probably pull a diff of pfctl from 6.0, and
see if they can hack it to support both at once (deciding by uname, I
guess). I might do this if I have some time. If someone wants to know
about bind9, I can load it up on my kfreebsd partition on my desktop.
Assuming the package supports it, I'll compile it with debugging and run
it in gdb. Finally, the sysctl issue is a two line fix, which can be
done with the ex command:
%s/sysctl.real/\/lib\/freebsd\/sysctl/g
Thanks for your attention,
bmc
Attachment:
signature.asc
Description: This is a digitally signed message part