freebsd 5.4 and ipnat startup problem...?

perikillo perikillo at gmail.com
Sun Oct 9 21:19:07 PDT 2005


 Hi people.
   I was using FreeBSD 4.11 as a gateway with ipfilter enabled and
ipnat. It was working very well, but after some years it started giving me
problems, so it was time to try 5.4. Then I made a fresh FreeBSD
5.4 installation. Then I updated my source and did the buildworld
process, and now I have FreeBSD 5.4-p7 running.

   I read the handbook to see if something changed in the ipfilter
section but don't see too much different. I changed my kernel file to
enable ipfilter plus other security options; normally on my firewalls
I don't install any X stuff, only the necessary stuff to run my
firewalls.

  Set up my /etc/rc.conf to enable ipfilter+ipnat+ipmon+gateway.

  My connection is PPPoE, so I copied those files, ppp.conf and
ppp.linkup, from my old machine to my new system and made the changes,
normally the NIC option.

  Copied my ipfilter rules and ipnat rules from my old system to my new
system, then made the necessary changes to ipfilter.rules, because
ipnat.rules doesn't need any.

   I have on the new system one Intel dual-port 82558 Pro/100 NIC
(Ethernet driver fxp); my PPPoE is connected to fxp1 and my gateway is
fxp0 (192.168.0.1).

   Tested, and after some little changes I had my new firewall +
NAT system serving my local machines. I tested my Windows systems and
it was working, but I found some messages during the startup process:

ioctl(SIOCIPFL6): invalid argument

   I read some ipfilter mailing list posts, and Darren Reed says that if we
enable IPv6 in the kernel this message disappears. I asked myself, why
do I need that option if I only run one simple network with only one
firewall and 2 IPv4 clients...?

   OK, I enabled IPv6 in the kernel and the message disappeared, good.

   Then I found this message:

    filter sync'd <<<<----twice, why...? And ipnat wasn't translating
anything for my clients. I can run:

# ipnat -l

    and it shows me the list of filter rules. I can ping my local machines
from FreeBSD and from Windows, and I can ping internet addresses, like yahoo
or freebsd, from my firewall, but Windows cannot. If I ping from my
firewall's outside address and then run ipnat -l, it doesn't show any active
sessions...? I think only ipfilter is working but not ipnat...?

    Right now I need to manually run ipnat every time I use my
firewall. I have been searching about it, but don't see any solution
yet!!!

    Another message appears during my startup process:

su: NSSWITCH(nss_method_lookup): nis, passwd_compat, endpwent, not found

   I found it with apropos nsswitch.conf. I still don't know too much
about NIS; I don't have anything about NIS enabled in my rc.conf file, but do I
really need this option...?

   So, does someone know how to fix the ipnat problem? And is it good to
enable NIS...?

   Thanks all for your time.

   FreeBSD 5.4-p7
   ipfilter enabled in the kernel, version 3.4.35
