Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 26 May 2005 09:08:41 +0400
From:      "sergei" <sergei@konst.donpac.ru>
To:        <freebsd-stable@freebsd.org>
Subject:   RE: 5-Stable (5.4) any ipnat changes?
Message-ID:  <007f01c561b0$ff758f40$cbc1a10a@Curs3>
In-Reply-To: <4294F3EE.9000609@leadhill.net>

next in thread | previous in thread | raw e-mail | index | archive | help
I have the same problem:

After I cvsuped my system from 5.3 to 5.4, ipfilter (compiled in the my
custom kernel) & ipnat not start automatically. If I do
"/etc/rc.d/ipfilter start && /etc/rc.d/ipnat start" manually - all works
fine... Lines "ipfilner_enable=YES" and "ipnat_enable=YES" present in
the /etc/rc.conf.




~>-----Original Message-----
~>From: owner-freebsd-stable@freebsd.org 
~>[mailto:owner-freebsd-stable@freebsd.org] On Behalf Of Billy Newsom
~>Sent: Thursday, May 26, 2005 1:54 AM
~>To: freebsd-stable@freebsd.org
~>Subject: 5-Stable (5.4) any ipnat changes?
~>
~>
~>Is there some reason why ipnat wouldn't automatically startup?
~>
~>I just upgraded from a 5-stable in February to a 5-stable in 
~>May, so I 
~>could essentially get 5.4 on this firewall machine.  I simultaneously 
~>was upgrading some ports, etc., but nothing too severe.  When 
~>I rebooted 
~>the machine, everything looked fine.  No problems whatsoever. 
~> This was 
~>the first time that I compiled multiple kernels (normally I 
~>just compile 
~>a custom and not the generic), but that is not related.
~>
~>What happened is that I had a strange problem receiving mail 
~>on the mail 
~>server.  It took me quite a while to finally track down the 
~>problem.  I 
~>ended up running a packet sniffer and still couldn't figure it out. 
~>Well, it turned out that the filters in ipnat weren't 
~>installed, and so 
~>all of the NAT routing wasn't happening as normal.
~>
~>I have really never seen this server boot without NAT -- it's 
~>basically 
~>the same setup I've used for years and it never dawned on me 
~>what would 
~>happen if ipnat failed to run its filters.  Meanwhile, 
~>IPFilter was busy 
~>running the firewall like normal.
~>
~>I have looked at the logs in detail and I can't find anything 
~>that would 
~>have turned off ipnat or caused it not to run its filter.  
~>Nor, on the 
~>otherhand, do I see where ipnat logs anything, anyway.
~>
~>Where would I look to track this down?  Is it possible that 
~>something in 
~>  stable messed this up?
~>
~>
~># ls -l /etc/ipnat.rules
~>-rw-r--r--  1 root  wheel  437 Mar 14 14:18 /etc/ipnat.rules
~>
~>Notice no changes since March in that file.
~>
~># cat /etc/rc.conf | grep ip
~>ipfilter_enable="YES"           # Set to YES to enable ipfilter 
~>functionality
~>ipfilter_program="/sbin/ipf"    # where the ipfilter program lives
~>ipfilter_rules="/etc/ipf.rules" # rules definition file for 
~>ipfilter, see
~>                                 # 
~>/usr/src/contrib/ipfilter/rules for 
~>examples
~>ipfilter_flags=""               # additional flags for ipfilter
~>ipnat_enable="YES"              # Set to YES to enable ipnat 
~>functionality
~>ipnat_program="/sbin/ipnat"     # where the ipnat program lives
~>ipnat_rules="/etc/ipnat.rules"  # rules definition file for ipnat
~>ipnat_flags=""                  # additional flags for ipnat
~>ipmon_enable="YES"                # Set to YES for ipmon; 
~>needs ipfilter 
~>or ipnat
~>ipmon_program="/sbin/ipmon"       # where the ipfilter 
~>monitor program lives
~>ipmon_flags="-Ds"               #  typically "-Ds" or "-D 
~>/var/log/ipflog"
~>ipfs_enable="YES"               # Set to YES to enable saving 
~>and restoring
~>ipfs_program="/sbin/ipfs"       # where the ipfs program lives
~>ipfs_flags=""                   # additional flags for ipfs
~>
~>Thanks.
~>Billy
~>_______________________________________________
~>freebsd-stable@freebsd.org mailing list
~>http://lists.freebsd.org/mailman/listinfo/freebsd-stable
~>To unsubscribe, send any mail to 
~>"freebsd-stable-unsubscribe@freebsd.org"
~>




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?007f01c561b0$ff758f40$cbc1a10a>