From owner-freebsd-questions Wed Jun 21 5:10:20 2000
Date: Wed, 21 Jun 2000 16:12:49 +0400 (MSD)
From: Ярошенко Сергей
X-Sender: jaroshenko@freebsd.merlin.ru
To: freebsd-questions@FreeBSD.ORG
Subject: ipfilter,ipnat and forwarding de0 <-> tun0

Hi!

Problem: My FreeBSD-4.0-STABLE box (gateway to the Internet) does not forward de0 <-> tun0 after startup (or reboot).

1) In rc.conf:

    gateway_enable="YES"
    ifconfig_de0="inet 192.168.5.1 netmask 0xffffff00 media 10base2/BNC"
    tcp_extensions="YES"

2) rc.local:

    ipf -Fa -f /etc/ipf.rc
    ipmon -Ds
    ipnat -CF -f /etc/nat.rc

3) Kernel config:

    options IPFILTER        #ipfilter support
    options IPFILTER_LOG    #ipfilter logging
    ...
    device de               # DEC/Intel DC21x4x (``Tulip'')
    pseudo-device tun 1     # Packet tunnel.
    pseudo-device ether     # Ethernet support

4) "uname -a":

    FreeBSD freebsd.merlin.ru 4.0-STABLE FreeBSD 4.0-STABLE #0: Tue Jun 20 14:14:36 MSD 2000 root@freebsd.merlin.ru:/usr/src/sys/compile/FREEBSD i386

5) After reboot (or plain startup):

    [root@freebsd handbook]# ifconfig -a
    de0: flags=8843 mtu 1500
            inet 192.168.5.1 netmask 0xffffff00 broadcast 192.168.5.255
            ether 00:80:48:da:1f:56
            media: 10base2/BNC status: active
            supported media: autoselect 10base5/AUI 10base2/BNC 10baseT/UTP 10baseT/UTP
    ppp0: flags=8010 mtu 1500
    lo0: flags=8049 mtu 16384
            inet 127.0.0.1 netmask 0xffffff00
    tun0: flags=8051 mtu 1500
            inet 212.96.98.37 --> 212.96.98.7 netmask 0xffffffff
            Opened by PID 409
    [root@freebsd handbook]# ipnat -ls
    mapped in 0 out 0
    added 0 expired 0
    inuse 0
    rules 3
    List of active MAP/Redirect filters:
    map tun0 192.168.5.0/24 -> 0.0.0.0/32 proxy port ftp ftp/tcp
    map tun0 192.168.5.0/24 -> 0.0.0.0/32 portmap tcp/udp 10000:65000
    map tun0 192.168.5.0/24 -> 0.0.0.0/32
    List of active sessions:
    [root@freebsd handbook]#

Users on my LAN can't connect to any Internet site, and "tcpdump -i de0" shows a black screen - no packets from or to the LAN.

I go into single-user mode ("init 1") and go back to multiuser mode, connect to the Internet, and everything WORKS... users connect to any Internet site, "ipnat -ls" shows a list of active sessions, and "tcpdump -i de0" shows packets.

1) Why does NAT not work after reboot but work after "init 1"?
2) How do I make NAT work after reboot (or startup)?

Sorry for bad English.