Date:      Thu, 11 Jan 2001 23:35:13 +0100
From:      Marco Masotti <masotti@mclink.it>
To:        trini0 <trini0@optonline.net>, questions@freebsd.org
Subject:   Re: IPFILTER/ipnat does not work at boot until manually syncing with ipf -y
Message-ID:  <3A5E3520.600D55D6@mclink.it>
References:  <1.0.2.200101110857.9432@mclink.it> <3A5DD205.2A528703@optonline.net>

trini0 wrote:

> Read the man page for rc.conf

Hello,
thanks for replying.

I tried to go with rc.conf, but it actually turned out to be just one more regimented way to do the thing.

Until an "ipf -y" is issued, with the PPTP/PPP connection already established for a while and the default route installed, the gateway does not forward from the internal LAN; it is limited to doing so from the gateway machine itself.

Also, as far as I can tell, it's not anything related to the bootstrap state or stage; it's reproducible, and it happens on two systems that differ in hardware and OS release (4.1-REL and 4.2-REL).

I admit it's really boring to assist a machine booting with a stupid command by hand!

Has anyone got the case to use PPTP/userPPP and IPFILTER/ipnat like that?

Thanks!


--
Marco





>
>
> Marco Masotti wrote:
>
> > Hello.
> >
> > I've set up a firewall/gateway machine, connected via PPTP to ADSL and using IPFILTER/nat to give access to the private internal LAN.
> >
> > Unfortunately I'm experiencing problems in getting the machine self-starting on boot with all bells and whistles, because the NAT functions do not operate properly when the machine has booted, UNTIL issuing by hand an ipf -y, OR flushing/reloading the internal lists of rules (ipnat).
> >
> > I've located the startup scripts in /usr/local/etc/rc.d, with the PPTP starting correctly as well as the ipnat statements being executed apparently well. Nevertheless, at every boot, I'm forced to log into the machine as root and to issue the ipf -y command manually, and only then can the internal machines reach the Internet.
> >
> > Is there any suggested precedence or procedure in firing up the PPTP connection without disturbing the IPFILTER internal lists, or any hint in this regard?
> >
> > Thank you for any help!
> >
> > --
> > Marco
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-questions" in the body of the message
>
> --
>
>          _____________________________
>          |          trini0           |
>          |                           |
>      / ) | Systems Administrator     |
>     / /  | Network Engineer          |
>    ( (   | email ==>                 |
>  (((\ \> |/ )  trini0@optonline.net  |
>  (\\\\ \_/ /_________________________|
>   \       /
>    \    _/
>    /   /
>   /   /


