From: perikillo
To: freebsd-questions@freebsd.org
Date: Sun, 9 Oct 2005 21:11:52 -0700
Subject: freebsd 5.4 and ipnat startup problem...?

Hi people.

I was using FreeBSD 4.11 as a gateway with ipfilter enabled and ipnat.
It was working very well, but after some years it started giving me problems, so it was time to try 5.4, and I made a fresh FreeBSD 5.4 installation. Then I updated my source and ran the buildworld process, and now I am running FreeBSD 5.4-p7.

I read the handbook to see if something changed in the ipfilter section but didn't see much difference. I changed my kernel file to enable ipfilter plus other security options; normally on my firewalls I don't install any X stuff, only the necessary stuff to run my firewalls. I set up my /etc/rc.conf to enable ipfilter+ipnat+ipmon+gateway.

My connection is PPPoE, so I copied these files, ppp.conf + ppp.linkup, from my old machine to my new system and made the changes, normally the NIC option. I copied my ipfilter rules and ipnat rules from my old system to my new system, then made the necessary changes to ipfilter.rules, because ipnat.rules doesn't need any.

On the new system I have one Intel dual-port 82558 Pro/100 Ethernet NIC (fxp driver); my PPPoE is connected to fxp1 and my gateway is fxp0 (192.168.0.1).

I tested, and after some small changes I had my new firewall + NAT system serving my local machines. I tested my Windows systems and it was working, but I found some messages in the startup process:

ioctl(SIOCIPFL6): invalid argument

I read some ipfilter mailing list posts and Darren Reed says that if we enable IP6 in the kernel this message disappears. I ask myself, why do I need that option if I only run one simple network with only one firewall and 2 IPv4 clients...? OK, I enabled IP6 in the kernel and the message disappeared, good.

Then I found this message:

filter sync'd <<<<----twice why...?

and ipnat wasn't translating anything for my clients. I can run:

#ipnat -l

and it shows me the list of filter rules. I can ping my local machines from FreeBSD and from Windows, I can ping internet addresses like yahoo or freebsd from my firewall, but Windows cannot. If I ping with my firewall's outside address and then run ipnat -l, it doesn't show any active sessions...?
I think only ipfilter is working but not ipnat...? Right now I need to manually run ipnat every time I use my firewall. I have been searching about it, but don't see any solution yet!!!

Another message appears in my startup process:

su: NSSWITCH(nss_method_lookup): nis, passwd_compat, endpwent, not found

I found nsswitch.conf with apropos. I still don't know much about NIS, and I don't have anything about NIS enabled in my rc.conf file, but do I really need this option...?

So does someone know how to fix the ipnat problem? And is it good to enable NIS...?

Thanks all for your time.

FreeBSD 5.4-p7
ipfilter enabled in kernel 3.4.35