Date: Wed, 25 May 2005 16:53:50 -0500
From: Billy Newsom <smartweb@leadhill.net>
To: freebsd-stable@freebsd.org
Subject: 5-Stable (5.4) any ipnat changes?
Message-ID: <4294F3EE.9000609@leadhill.net>

Is there some reason why ipnat wouldn't automatically start up?

I just upgraded from a 5-stable in February to a 5-stable in May, so I could essentially get 5.4 on this firewall machine. I simultaneously was upgrading some ports, etc., but nothing too severe. When I rebooted the machine, everything looked fine. No problems whatsoever. This was the first time that I compiled multiple kernels (normally I just compile a custom and not the generic), but that is not related.

What happened is that I had a strange problem receiving mail on the mail server. It took me quite a while to finally track down the problem. I ended up running a packet sniffer and still couldn't figure it out. Well, it turned out that the filters in ipnat weren't installed, and so all of the NAT routing wasn't happening as normal. I have really never seen this server boot without NAT -- it's basically the same setup I've used for years and it never dawned on me what would happen if ipnat failed to run its filters. Meanwhile, IPFilter was busy running the firewall like normal.

I have looked at the logs in detail and I can't find anything that would have turned off ipnat or caused it not to run its filter. Nor, on the other hand, do I see where ipnat logs anything, anyway. Where would I look to track this down? Is it possible that something in stable messed this up?

# ls -l /etc/ipnat.rules
-rw-r--r--  1 root  wheel  437 Mar 14 14:18 /etc/ipnat.rules

Notice no changes since March in that file.

# cat /etc/rc.conf | grep ip
ipfilter_enable="YES"           # Set to YES to enable ipfilter functionality
ipfilter_program="/sbin/ipf"    # where the ipfilter program lives
ipfilter_rules="/etc/ipf.rules" # rules definition file for ipfilter, see
                                # /usr/src/contrib/ipfilter/rules for examples
ipfilter_flags=""               # additional flags for ipfilter
ipnat_enable="YES"              # Set to YES to enable ipnat functionality
ipnat_program="/sbin/ipnat"     # where the ipnat program lives
ipnat_rules="/etc/ipnat.rules"  # rules definition file for ipnat
ipnat_flags=""                  # additional flags for ipnat
ipmon_enable="YES"              # Set to YES for ipmon; needs ipfilter or ipnat
ipmon_program="/sbin/ipmon"     # where the ipfilter monitor program lives
ipmon_flags="-Ds"               # typically "-Ds" or "-D /var/log/ipflog"
ipfs_enable="YES"               # Set to YES to enable saving and restoring
ipfs_program="/sbin/ipfs"       # where the ipfs program lives
ipfs_flags=""                   # additional flags for ipfs

Thanks.
Billy