From: "sergei"
Date: Thu, 26 May 2005 09:08:41 +0400
Subject: RE: 5-Stable (5.4) any ipnat changes?
Message-ID: <007f01c561b0$ff758f40$cbc1a10a@Curs3>
In-Reply-To: <4294F3EE.9000609@leadhill.net>
List-Id: Production branch of FreeBSD source code

I have the same problem:
After I cvsuped my system from 5.3 to 5.4, ipfilter (compiled into my custom kernel) and ipnat do not start automatically. If I do "/etc/rc.d/ipfilter start && /etc/rc.d/ipnat start" manually, all works fine...
The lines "ipfilner_enable=YES" and "ipnat_enable=YES" are present in /etc/rc.conf.

~>-----Original Message-----
~>From: owner-freebsd-stable@freebsd.org
~>[mailto:owner-freebsd-stable@freebsd.org] On Behalf Of Billy Newsom
~>Sent: Thursday, May 26, 2005 1:54 AM
~>To: freebsd-stable@freebsd.org
~>Subject: 5-Stable (5.4) any ipnat changes?
~>
~>
~>Is there some reason why ipnat wouldn't automatically start up?
~>
~>I just upgraded from a 5-stable in February to a 5-stable in May, so I could essentially get 5.4 on this firewall machine. I simultaneously was upgrading some ports, etc., but nothing too severe. When I rebooted the machine, everything looked fine. No problems whatsoever. This was the first time that I compiled multiple kernels (normally I just compile a custom and not the generic), but that is not related.
~>
~>What happened is that I had a strange problem receiving mail on the mail server. It took me quite a while to finally track down the problem. I ended up running a packet sniffer and still couldn't figure it out. Well, it turned out that the filters in ipnat weren't installed, and so all of the NAT routing wasn't happening as normal.
~>
~>I have really never seen this server boot without NAT -- it's basically the same setup I've used for years and it never dawned on me what would happen if ipnat failed to run its filters. Meanwhile, IPFilter was busy running the firewall like normal.
~>
~>I have looked at the logs in detail and I can't find anything that would have turned off ipnat or caused it not to run its filter. Nor, on the other hand, do I see where ipnat logs anything, anyway.
~>
~>Where would I look to track this down? Is it possible that something in stable messed this up?
~>
~>
~># ls -l /etc/ipnat.rules
~>-rw-r--r-- 1 root wheel 437 Mar 14 14:18 /etc/ipnat.rules
~>
~>Notice no changes since March in that file.
~>
~># cat /etc/rc.conf | grep ip
~>ipfilter_enable="YES"           # Set to YES to enable ipfilter functionality
~>ipfilter_program="/sbin/ipf"    # where the ipfilter program lives
~>ipfilter_rules="/etc/ipf.rules" # rules definition file for ipfilter, see
~>                                # /usr/src/contrib/ipfilter/rules for examples
~>ipfilter_flags=""               # additional flags for ipfilter
~>ipnat_enable="YES"              # Set to YES to enable ipnat functionality
~>ipnat_program="/sbin/ipnat"     # where the ipnat program lives
~>ipnat_rules="/etc/ipnat.rules"  # rules definition file for ipnat
~>ipnat_flags=""                  # additional flags for ipnat
~>ipmon_enable="YES"              # Set to YES for ipmon; needs ipfilter or ipnat
~>ipmon_program="/sbin/ipmon"     # where the ipfilter monitor program lives
~>ipmon_flags="-Ds"               # typically "-Ds" or "-D /var/log/ipflog"
~>ipfs_enable="YES"               # Set to YES to enable saving and restoring
~>ipfs_program="/sbin/ipfs"       # where the ipfs program lives
~>ipfs_flags=""                   # additional flags for ipfs
~>
~>Thanks.
~>Billy
~>_______________________________________________
~>freebsd-stable@freebsd.org mailing list
~>http://lists.freebsd.org/mailman/listinfo/freebsd-stable
~>To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org"
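
Added example, not part of either message above: a firewall that boots without its filter or NAT rules gives no warning, so one check worth running after an upgrade is whether every knob set in /etc/rc.conf is a name the base system defines in /etc/defaults/rc.conf. The function names and the sample files are constructed for illustration; the sample rc.conf uses the two knob names as spelled in the reply.

```shell
#!/bin/sh
# Added example: list variables assigned in a local rc.conf-style file that
# are not defined in the defaults file. A name the rc scripts do not know is
# never read, so a misspelled *_enable knob leaves the service off at boot
# without any error message.

# Print the variable names assigned in file $1, one per line, sorted.
# Commented-out assignments are skipped because the line must start with a name.
rc_names() {
    sed -n 's/^[[:space:]]*\([A-Za-z_][A-Za-z0-9_]*\)=.*/\1/p' "$1" | sort -u
}

# Print names set in $2 (local rc.conf) that are absent from $1 (defaults).
rc_unknown_knobs() {
    defaults_names=$(mktemp) || return 1
    rc_names "$1" > "$defaults_names"
    status=0
    # -F fixed strings, -x whole-line match, -v keep only names not in defaults
    rc_names "$2" | grep -Fxv -f "$defaults_names" || status=$?
    rm -f "$defaults_names"
    # grep exits 1 when every name is known; only >1 is a real error.
    [ "$status" -le 1 ]
}

# Constructed sample input (hypothetical files, not taken from a real host).
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' 'ipfilter_enable="NO"' 'ipnat_enable="NO"' \
                  'ipmon_enable="NO"' 'ipfs_enable="NO"' > "$dir/defaults"
    printf '%s\n' 'ipfilner_enable=YES' 'ipnat_enable=YES' > "$dir/rc.conf"
    rc_unknown_knobs "$dir/defaults" "$dir/rc.conf"
    rm -rf "$dir"
}

demo   # prints: ipfilner_enable
```

On a FreeBSD host the call would be `rc_unknown_knobs /etc/defaults/rc.conf /etc/rc.conf`. Variables for installed ports and per-interface settings such as `ifconfig_*` are also listed, so the output is a list of names to review rather than a list of errors.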