Message-ID: <19990601192842.A14304@winternet.com>
Date: Tue, 1 Jun 1999 19:28:42 -0500
From: Nathan Ahlstrom
To: cjclark@home.com, FreeBSD Questions
Subject: Re: NATd Problems at Startup
References: <199906020022.UAA11269@cc942873-a.ewndsr1.nj.home.com>
In-Reply-To: <199906020022.UAA11269@cc942873-a.ewndsr1.nj.home.com>; from Crist J. Clark on Tue, Jun 01, 1999 at 08:22:45PM -0400

There are several PR's related to this issue, IIRC. I will check and
get you some specific PR numbers later, if they exist.

Nathan

"Crist J. Clark" wrote:
> I am setting up a machine to do NAT for a few other machines on a
> 192.168.0.0 network. I have made what I believe are the appropriate
> changes to rc.conf (this is a 2.2.8 system),
>
> % more /etc/rc.conf
> .
> [snip]
> .
> firewall_enable="YES"           # Set to YES to enable firewall functionality
> firewall_type="open"            # Firewall type (see /etc/rc.firewall)
> firewall_quiet="NO"             # Set to YES to suppress rule display
> tcp_extensions="YES"            # Allow RFC1323 & RFC1644 extensions (or NO).
> network_interfaces="fxp0 fxp1 lo0"      # List of network interfaces (lo0 is loopback).
> ifconfig_fxp0="inet 10.0.0.204 netmask 255.255.255.0"
> ifconfig_fxp1="inet 192.168.0.1"
> ifconfig_lo0="inet 127.0.0.1"   # default loopback device configuration.
> .
> .
> .
> ### Network routing options: ###
> defaultrouter="10.0.0.1"        # Set to default gateway (or NO).
> static_routes=""                # Set to static route list (or leave empty).
> gateway_enable="YES"            # Set to YES if this host will be a gateway.
> router_enable="NO"              # Set to YES to enable a routing daemon.
> router="routed"                 # Name of routing daemon to use if enabled.
> router_flags="-q"               # Flags for routing daemon.
> mrouted_enable="NO"             # Do multicast routing (see /etc/mrouted.conf).
> mrouted_flags=""                # Flags for multicast routing daemon.
> ipxgateway_enable="NO"          # Set to YES to enable IPX routing.
> ipxrouted_enable="NO"           # Set to YES to run the IPX routing daemon.
> ipxrouted_flags=""              # Flags for IPX routing daemon.
> arpproxy_all=""                 # replaces obsolete kernel option ARP_PROXYALL.
> forward_sourceroute="NO"        # do source routing (only if gateway_enable is set to "YES")
> accept_sourceroute="NO"         # accept source routed packets to us
> natd_enable="YES"               # Enable natd if firewall_enable.
> natd_interface="fxp0"           # Public interface to use with natd if natd_enable.
> natd_flags="-log -unregistered_only"    # Additional flags for natd.
> .
> .
> .
>
> (The 10.0.0 net has been used to mask some registered IPs, so the
> '-unregistered_only' flag makes sense on the real machine.)
>
> The problem is the order in which the standard rc* files start
> things.
> The kernel messages come through fine, then the rc.firewall
> output, but then things get to,
>
>   Additional routing options: IP gateway=YES.
>
> And freeze. From examining the startup scripts, I believe this is
> occurring at the next action after the network_pass1 is completed,
>
>   mount -a -t nfs
>
> That is, the NFS mounts are failing. If I hit ctrl-C at this point,
> the boot continues, but again will freeze up while 'timed' starts. One
> more ctrl-C and the boot completes.
>
> However, I have no timed or NFS services running. But they can be
> started perfectly fine by hand at this point.
>
> It seems pretty clear to me that the problem is that rc.firewall, with
> the line,
>
>   /sbin/ipfw add divert natd all from any to any via fxp0
>
> Is executed way at the beginning during the rc.firewall script in
> network_pass1, but natd is not started until _dead last_ in
> network_pass3. With things in that condition, no network services will
> function before natd starts.
>
> I have not seen mention of this problem in the docs which forces me to
> wonder if I have not somehow messed this process up. Is there
> something I have misconfigured? Or have I missed the docs that mention
> how to fix/get around this problem?
>
> I should mention once I restart NFS and timed by hand, everything
> seems to work just fine.
>
> Thanks for any help.
> --
> Crist J. Clark                           cjclark@home.com
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message

-- 
Nathan Ahlstrom                          FreeBSD: http://www.FreeBSD.org/
nrahlstr@winternet.com                   PGP Key ID: 0x67BC9D19
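
The ordering gap described in the quoted message can be checked for mechanically: a divert rule with no process bound to its divert socket drops every packet it matches. The sketch below is an added example, not part of the original thread or of FreeBSD's rc scripts; the function name `orphan_diverts`, the `ipfw list`-style line layout, and both sample inputs are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added illustration: report divert rules that are installed while natd
# is not yet running (the state between network_pass1 and network_pass3).

# orphan_diverts RULES PROCS
#   RULES: ruleset text, one rule per line, assumed layout
#          "<num> divert <port> <proto> from ... via <iface>"
#   PROCS: one command name per line (e.g. from `ps -axo comm`)
# Prints "<rule> <port> <iface>" for each divert rule with no natd to serve it.
orphan_diverts() {
    rules=$1
    procs=$2
    # If natd is in the process list, the divert socket is assumed served.
    if printf '%s\n' "$procs" | grep -qx 'natd'; then
        return 0
    fi
    printf '%s\n' "$rules" | awk '
        $2 == "divert" {
            iface = "any"                      # rule without a "via" clause
            for (i = 3; i < NF; i++)
                if ($i == "via") iface = $(i + 1)
            print $1, $3, iface
        }'
}

# Constructed sample: the divert rule from the message as a listing might
# show it (8668 is natd's default divert port), plus an allow-all rule.
SAMPLE_RULES='00100 divert 8668 ip from any to any via fxp0
65000 allow ip from any to any'

# Constructed process lists: before natd is started, and after.
PROCS_PASS1='init
sh'
PROCS_PASS3='init
sh
natd'

for phase in PASS1 PASS3; do
    eval "procs=\$PROCS_$phase"
    hits=$(orphan_diverts "$SAMPLE_RULES" "$procs")
    if [ -n "$hits" ]; then
        echo "$phase: traffic black-holed by rule(s): $hits"
    else
        echo "$phase: divert rules are served"
    fi
done
```

Run against live data, the first argument would come from `ipfw list` and the second from the process table, checked before any step that needs the network (here, `mount -a -t nfs` and `timed`).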