Date: Tue, 31 May 2005 00:03:25 -0500 From: Billy Newsom <smartweb@leadhill.net> To: freebsd-stable@freebsd.org Subject: ipnat is definitely broken in RELENG_5_4 Message-ID: <429BF01D.2070103@leadhill.net>
next in thread | raw e-mail | index | archive | help
I posted previously that ipnat failed to start after I upgraded to
FreeBSD 5.4. On the same machine, I am having additional ipnat failures.
I reported the first time that ipnat failed to start on the first boot.
I am now reporting that on the second boot, ipnat loaded and installed
its tables, as expected. A quick "ipnat -vls" at boot confirmed this.
YEAH! But ON SECOND LOOK, I found out that ipnat was failing to do
its normal network translation. A subsequent "ipnat -vls" confirmed
that there were no statistics for anything a day later -- all 0's, but I
should have been mapping in and out a lot of connections.
So I cleared ipnat's tables and reloaded the same ones. Instantly some
connections that were waiting to start were NATed in, and I saw some
active connections in the NAT statistics. There had apparently been
none since the second boot using FreeBSD 5.4.
I am adding this to the PR I filed, because something is still amiss. I
am now trying to figure out how to write a babysitter script for ipnat,
so it runs at boot, and maybe periodically to ensure NAT is on. If I am
away from this server, I wonder what I would do if I depended on
ipnat??? I would be firewalled out, essentially, needing to login
locally. This is major, so I am going to keep being persistent about it.
Thanks for any insight or workarounds... Still need to try enabling ipv6
in rc.conf as someone suggested??? Does that seem right?
Here's a few sanitized shell outputs. We have changed the port numbers
to protect the innocent.
Sun May 29 18:19:29 CDT 2005
[[My bootup time]]
# ipnat -vls
mapped in 0 out 0
added 0 expired 0
no memory 0 bad nat 0
inuse 0
rules 6
wilds 0
table 0xbfbfebc8 list 0xc1bc6e00
List of active MAP/Redirect filters:
rdr oo0 192.168.1.2/32 port 899 -> 127.0.0.1 port 99 tcp
rdr oo0 192.168.1.2/32 port 21111 -> 127.0.0.1 port 99 tcp
rdr oo0 192.168.1.2/32 port 1238 -> 127.0.0.1 port 99 tcp
rdr oo0 192.168.1.2/32 port 1234 -> 127.0.0.1 port 56 tcp
rdr oo0 192.168.1.2/32 port 1236 -> 127.0.0.1 port 192 tcp
rdr oo0 192.168.1.2/32 port 1237 -> 192.168.0.2 port 152 tcp
List of active sessions:
List of active host mappings:
[And I did this on the 30th!!! with no statistics a day later]]
# ipnat -vls
mapped in 0 out 0
added 0 expired 0
no memory 0 bad nat 0
inuse 0
rules 6
wilds 0
table 0xbfbfeba8 list 0xc1bc6e00
List of active MAP/Redirect filters:
rdr oo0 192.168.1.2/32 port 899 -> 127.0.0.1 port 99 tcp
rdr oo0 192.168.1.2/32 port 21111 -> 127.0.0.1 port 99 tcp
rdr oo0 192.168.1.2/32 port 1238 -> 127.0.0.1 port 99 tcp
rdr oo0 192.168.1.2/32 port 1234 -> 127.0.0.1 port 56 tcp
rdr oo0 192.168.1.2/32 port 1236 -> 127.0.0.1 port 192 tcp
rdr oo0 192.168.1.2/32 port 1237 -> 192.168.0.2 port 152 tcp
List of active sessions:
List of active host mappings:
# ipnat -C
6 entries flushed from NAT list
# ipnat -vls
mapped in 0 out 0
added 0 expired 0
no memory 0 bad nat 0
inuse 0
rules 0
wilds 0
table 0xbfbfeba8 list 0x0
List of active MAP/Redirect filters:
List of active sessions:
List of active host mappings:
# ipnat -f /etc/ipnat.rules
[Here is a few minutess later....]
# ipnat -vls
mapped in 14 out 12
added 1 expired 0
no memory 0 bad nat 0
inuse 1
rules 6
wilds 0
table 0xbfbfeba8 list 0xc43f1a00
List of active MAP/Redirect filters:
rdr oo0 192.168.1.2/32 port 899 -> 127.0.0.1 port 99 tcp
rdr oo0 192.168.1.2/32 port 21111 -> 127.0.0.1 port 99 tcp
rdr oo0 192.168.1.2/32 port 1238 -> 127.0.0.1 port 99 tcp
rdr oo0 192.168.1.2/32 port 1234 -> 127.0.0.1 port 56 tcp
rdr oo0 192.168.1.2/32 port 1236 -> 127.0.0.1 port 192 tcp
rdr oo0 192.168.1.2/32 port 1237 -> 192.168.0.2 port 152 tcp
List of active sessions:
RDR 127.0.0.1 99 <- -> 192.168.1.2 899 [16.10.10.211 42666]
age 438 use 0 sumd 0xba36/0xba36 pr 6 bkt 251/408 flags 1 drop 0/0
ifp oo0 bytes 8532 pkts 26
List of active host mappings:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?429BF01D.2070103>