From: perikillo
To: freebsd-questions@freebsd.org
Date: Sat, 31 Dec 2005 17:32:44 -0800
Subject: Re: ipnat -CF -f /etc/ipnat.rules

On 12/30/05, Ruben Bloemgarten wrote:
> Hi Caleb,
>
> Add ipfs_enable="YES".
>
> Regards,
> Ruben
>
> -----Original Message-----
> From: owner-freebsd-questions@freebsd.org
> [mailto:owner-freebsd-questions@freebsd.org] On Behalf Of caleb
> Sent: December 31, 2005 3:16 AM
> To: freebsd-questions@freebsd.org
> Subject: ipnat -CF -f /etc/ipnat.rules
>
> Hi everyone,
> I have just put together a router/firewall using 5.4 RELEASE
> and IPFILTER. Everything is working fine except I have to manually flush
> the NAT table every time the router boots. Below is my rc.conf and
> ipnat.rules, I have used rc.conf to start everything at boot;
>
> /* rc.conf */
>
> gateway_enable="YES"
> sshd_enable="YES"
> ifconfig_rl1="inet 10.0.0.1 netmask 255.255.255.0"
> ifconfig_rl0="inet 192.168.0.1 netmask 255.255.255.0"
> hostname="tweak"
> ipfilter_enable="YES"
> ipfilter_rules="/etc/ipf.rules"
> ipmon_enable="YES"
> ipmon_flags="-Ds"
> ipnat_enable="YES"
> ipnat_rules="/etc/ipnat.rules"
> ppp_enable="YES"
> ppp_mode="ddial"
> ppp_nat="NO"
> ppp_profile="netspace"
> ppp_user="root"
>
> /* ipnat.rules */
>
> map tun0 192.168.0.0/24 -> 0/32
>
>
> Is there something I am missing? I do not think it is ipf, as I have
> configured it to allow everything in and out. Could you please CC me if
> you decide to help.
>
> Thank you,
>
> caleb
> --
> There is no spoon
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
>
>
> --
> No virus found in this incoming message.
> Checked by AVG Free Edition.
> Version: 7.1.371 / Virus Database: 267.14.9/216 - Release Date: 12/29/2005
>

Hi Ruben,

Months ago I didn't find how to fix that problem; if I remember, it was
a little bug in ipfilter. I tried a lot of changes on the system. Right
now I was setting up ipfilter on another box, fresh installation:

*FreeBSD 5.4-p8
*ipf v3.4.35

I tried your tip, but it didn't work. I was thinking that maybe
secure_level = 2 was the problem, but no; I lowered it to 1 and it still
didn't work.

Then the only solution I found before was to create one simple script to
reload ipnat:

ee /etc/rc.d/ipnat.bug

    #!/bin/sh
    # Flush the NAT table and reload the rules at boot
    echo "Fix ipnat bug"
    ipnat -FC -f /etc/ipnat.rules

root# chmod +x /etc/rc.d/ipnat.bug

Now I don't need to manually reload ipnat every time I restart the
system. I hope that this little problem will be fixed in FreeBSD 6.0.

Hi Caleb, these are my ipnat rules, hope they help you:

    map tun0 0/0 -> 0/32 proxy port ftp ftp/tcp
    map tun0 0/0 -> 0/32 portmap tcp/udp 20000:40000
    map tun0 0/0 -> 0/32

Good day to all and Happy New Year BSD people!!!
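
One way to make the reload in the message above conditional, as an added example that is not part of the original post: it compares the rule count in the rules file with what `ipnat -l` reports and runs the same `ipnat -CF -f` reload only when rules are missing. The function names are hypothetical, and the `ipnat -l` section headings and the sample outputs are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): reload NAT rules only when the
# kernel table holds fewer rules than the rules file.
RULES=${RULES:-/etc/ipnat.rules}

# Count map/rdr/bimap rules in a rules file (comments and blanks ignored).
expected_rules() {
    awk '/^[ \t]*(map|rdr|bimap)[ \t]/ { n++ } END { print n + 0 }' "$1"
}

# Count rules in the "active MAP/Redirect filters" part of `ipnat -l` (stdin).
active_rules() {
    awk '
        /^List of active MAP\/Redirect filters:/ { in_rules = 1; next }
        /^List of active sessions:/              { in_rules = 0 }
        in_rules && /^(map|rdr|bimap)[ \t]/      { n++ }
        END { print n + 0 }'
}

# Print "reload" when stdin (`ipnat -l` output) has fewer rules than file $1.
nat_state() {
    want=$(expected_rules "$1")
    have=$(active_rules)
    if [ "$have" -lt "$want" ]; then echo reload; else echo ok; fi
}

# Constructed sample: table right after a boot where no rule was loaded.
sample_empty() {
    printf '%s\n' 'List of active MAP/Redirect filters:' '' \
        'List of active sessions:'
}

# Constructed sample: table after the rules from the post were loaded.
sample_loaded() {
    printf '%s\n' 'List of active MAP/Redirect filters:' \
        'map tun0 0.0.0.0/0 -> 0.0.0.0/32 proxy port ftp ftp/tcp' \
        'map tun0 0.0.0.0/0 -> 0.0.0.0/32 portmap tcp/udp 20000:40000' \
        'map tun0 0.0.0.0/0 -> 0.0.0.0/32' '' \
        'List of active sessions:'
}

# On the router itself: check the live table, reload and log if rules are missing.
if command -v ipnat >/dev/null 2>&1 && [ -r "$RULES" ]; then
    if [ "$(ipnat -l | nat_state "$RULES")" = reload ]; then
        logger -t ipnat-check "NAT rules missing, reloading $RULES"
        ipnat -CF -f "$RULES"
    fi
fi
```

Logging the reload leaves a record of every boot on which the gateway came up without its NAT rules.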