Date: Wed, 23 Apr 1997 11:27:11 -0700 (PDT)
From: Chris Coleman
To: Darren Reed
cc: hackers@freebsd.org
Subject: Re: IPFILTER
In-Reply-To: <199704231151.EAA11031@dilbert.bb.cc.wa.us>

These are the rules that I would like to have work:

map fxp0 10.17.0.0/16 -> 208.8.136.182/32 portmap tcp/udp 10000:65000
map fxp0 10.16.11.0/24 -> 208.8.136.180/32 portmap tcp/udp 10000:65000
map fxp0 10.16.4.0/24 -> 208.8.136.181/32 portmap tcp/udp 10000:65000
map fxp0 10.12.0.0/16 -> 208.8.136.184/32 portmap tcp/udp 10000:65000
map fxp0 10.16.0.0/16 -> 208.8.136.185/32 portmap tcp/udp 10000:65000
map fxp0 10.0.0.0/8 -> 208.8.136.10/32 portmap tcp/udp 10000:65000

But whenever I do it, the internet stops working for all the virtual addresses I have set up. I do an ipnat -ls and it shows that it has mapped things according to what I specified. Have I specified something wrong? Can I specify different IP addresses to go out the same etherNIC?

I also had a problem with ipnat -FC. When I tried to Flush the active routes, it causes a panic :free: too many frees. and the system reboots. It only happens when I have it running for a while. When I first start it I can Clear and Flush perfectly. But it seems to be associated with the load, or number of active links that have been mapped in.

Also, after it had been up about 30+ days, all of a sudden it just froze up. I am not sure if it had anything to do with ipnat, but that was all that was running on the machine. I was wondering if there might be a limit as to how many active routes it can handle before it needs to be reset, or if there might be a memory leak or something.

I am running the LKM version 3.1.4 of ipfilter, but only using the ipnat stuff.

Thanks.

--Chris