From owner-freebsd-questions Thu Jan 11 14:43: 7 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from mail.mclink.it (net128-007.mclink.it [195.110.128.7]) by hub.freebsd.org (Postfix) with ESMTP id 18DD237B400 for ; Thu, 11 Jan 2001 14:42:48 -0800 (PST)
Received: from mclink.it (net156-075.mclink.it [195.110.156.75]) by mail.mclink.it (8.9.3/8.9.0) with ESMTP id XAA13125; Thu, 11 Jan 2001 23:42:43 +0100 (CET)
Message-ID: <3A5E3520.600D55D6@mclink.it>
Date: Thu, 11 Jan 2001 23:35:13 +0100
From: Marco Masotti
X-Mailer: Mozilla 4.7C-SGI [en] (X11; I; IRIX 6.5 IP32)
X-Accept-Language: en
MIME-Version: 1.0
To: trini0 , questions@freebsd.org
Subject: Re: IPFILTER/ipnat does not work at boot until manually syncing with ipf -y
References: <1.0.2.200101110857.9432@mclink.it> <3A5DD205.2A528703@optonline.net>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

trini0 wrote:

> Read the man page for rc.conf

Hello,

thanks for replying. I tried to go with rc.conf, but it actually turned out to be just one more regimented way to do the thing. Until after a "ipf -y" is issued right with PPTP/PPP connection already established for a while and the default route installed, the gateway does not forward from the internal LAN - Just limits to do it from the gateway machine itself.

Also, as far as I can note, it's not anything related to the bootstrap state or stage, it's reproducible and it happens in two different systems for hardware and OS release (4.1-REL and 4.2-REL)

I admit it's really boring to assist a machine booting with a stupid command by hand!

Has anyone got the case to use PPTP/userPPP and IPFILTER/ipnat like that?

Thanks!

--
Marco

>
>
> Marco Masotti wrote:
>
> > Hello.
> >
> > I've set up a firewall/gateway machine, connected via PPTP to adsl and using IPFILTER/nat to give access to the private internal LAN.
> >
> > Unfortunately I'm experiencing problems in getting the machine self starting on boot with all whistles and bells, because the nat functions do not operate fine when the machine booted, UNTIL issuing by hand a ipf -y, OR flushing/reloading the internal lists of rules (ipnat).
> >
> > I've located the startup scripts in /usr/local/etc/rc.d, with the PPTP starting correctly as well as the ipnat statements being executed apparently well. Nevertheless, at every boot, I'm forced to log into the machine as root and to issue the ipf -y command manually, and only until then the internal machines can reach the Internet.
> >
> > Is there any suggested precedence or procedure in firing up the PPTP connection without disturbing the IPFILTER internal lists or any hint in this regard?
> >
> > Thank you for any help!
> >
> > --
> > Marco
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-questions" in the body of the message
>
> --
> trini0
> Systems Administrator
> Network Engineer
> email ==> trini0@optonline.net