Date: Thu, 26 May 2005 09:08:41 +0400
From: "sergei" <sergei@konst.donpac.ru>
To: <freebsd-stable@freebsd.org>
Subject: RE: 5-Stable (5.4) any ipnat changes?
Message-ID: <007f01c561b0$ff758f40$cbc1a10a@Curs3>
In-Reply-To: <4294F3EE.9000609@leadhill.net>
I have the same problem:
After I cvsuped my system from 5.3 to 5.4, ipfilter (compiled into my custom kernel) and ipnat do not start automatically.
If I run "/etc/rc.d/ipfilter start && /etc/rc.d/ipnat start" manually, everything works fine...
The lines "ipfilner_enable=YES" and "ipnat_enable=YES" are present in /etc/rc.conf.

~>-----Original Message-----
~>From: owner-freebsd-stable@freebsd.org
~>[mailto:owner-freebsd-stable@freebsd.org] On Behalf Of Billy Newsom
~>Sent: Thursday, May 26, 2005 1:54 AM
~>To: freebsd-stable@freebsd.org
~>Subject: 5-Stable (5.4) any ipnat changes?
~>
~>
~>Is there some reason why ipnat wouldn't automatically start up?
~>
~>I just upgraded from a 5-stable in February to a 5-stable in May, so I
~>could essentially get 5.4 on this firewall machine. I simultaneously
~>was upgrading some ports, etc., but nothing too severe. When I rebooted
~>the machine, everything looked fine. No problems whatsoever. This was
~>the first time that I compiled multiple kernels (normally I just compile
~>a custom and not the generic), but that is not related.
~>
~>What happened is that I had a strange problem receiving mail on the mail
~>server. It took me quite a while to finally track down the problem. I
~>ended up running a packet sniffer and still couldn't figure it out.
~>Well, it turned out that the filters in ipnat weren't installed, and so
~>all of the NAT routing wasn't happening as normal.
~>
~>I have really never seen this server boot without NAT -- it's basically
~>the same setup I've used for years and it never dawned on me what would
~>happen if ipnat failed to run its filters. Meanwhile, IPFilter was busy
~>running the firewall like normal.
~>
~>I have looked at the logs in detail and I can't find anything that would
~>have turned off ipnat or caused it not to run its filter. Nor, on the
~>other hand, do I see where ipnat logs anything, anyway.
~>
~>Where would I look to track this down? Is it possible that something in
~>stable messed this up?
~>
~>
~># ls -l /etc/ipnat.rules
~>-rw-r--r--  1 root  wheel  437 Mar 14 14:18 /etc/ipnat.rules
~>
~>Notice no changes since March in that file.
~>
~># cat /etc/rc.conf | grep ip
~>ipfilter_enable="YES"           # Set to YES to enable ipfilter functionality
~>ipfilter_program="/sbin/ipf"    # where the ipfilter program lives
~>ipfilter_rules="/etc/ipf.rules" # rules definition file for ipfilter, see
~>                                # /usr/src/contrib/ipfilter/rules for examples
~>ipfilter_flags=""               # additional flags for ipfilter
~>ipnat_enable="YES"              # Set to YES to enable ipnat functionality
~>ipnat_program="/sbin/ipnat"     # where the ipnat program lives
~>ipnat_rules="/etc/ipnat.rules"  # rules definition file for ipnat
~>ipnat_flags=""                  # additional flags for ipnat
~>ipmon_enable="YES"              # Set to YES for ipmon; needs ipfilter or ipnat
~>ipmon_program="/sbin/ipmon"     # where the ipfilter monitor program lives
~>ipmon_flags="-Ds"               # typically "-Ds" or "-D /var/log/ipflog"
~>ipfs_enable="YES"               # Set to YES to enable saving and restoring
~>ipfs_program="/sbin/ipfs"       # where the ipfs program lives
~>ipfs_flags=""                   # additional flags for ipfs
~>
~>Thanks.
~>Billy
~>_______________________________________________
~>freebsd-stable@freebsd.org mailing list
~>http://lists.freebsd.org/mailman/listinfo/freebsd-stable
~>To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org"
~>