kern/81606: ipnat fails to start after upgrade to RELENG_5_4
Billy Newsom
mailhelp at leadhill.net
Mon May 30 22:10:04 PDT 2005
The following reply was made to PR kern/81606; it has been noted by GNATS.
From: Billy Newsom <mailhelp at leadhill.net>
To: bug-followup at FreeBSD.org, mailhelp at leadhill.net
Cc:
Subject: Re: kern/81606: ipnat fails to start after upgrade to RELENG_5_4
Date: Tue, 31 May 2005 00:00:58 -0500
I reported the first time that ipnat failed to start on the first boot
after installing FreeBSD 5.4.

I am now reporting that on the second boot, ipnat loaded and installed
its tables, as expected. A quick "ipnat -vls" at boot confirmed this.
YEAH! But ON SECOND LOOK, I found out that ipnat was failing to do
its normal network translation. A subsequent "ipnat -vls" confirmed
that there were no statistics for anything a day later -- all 0's, but I
should have been mapping in and out a lot of connections.

So I cleared ipnat's tables and reloaded the same ones. Instantly some
connections that were waiting to start were NATed in, and I saw some
active connections in the NAT statistics. There had apparently been none
since the second boot using FreeBSD 5.4.

NAT is now working, but only because I manually cleared and re-loaded
the NAT tables. [See shell output below]

If I am away from this server, I wonder what I would do if I depended on
ipnat during a spontaneous reboot??? I would be firewalled out,
essentially, needing to log in locally to fix it. This is major, or so I
see it.

Someone on the freebsd-stable list suggested I turn on ipv6 in rc.conf
or in the kernel. Have not tried yet.

Here are a few sanitized shell outputs from the second boot of this
machine having ipnat problems. I changed the port numbers to protect
the innocent. [Note: oo0 is the name I gave to my WAN interface in
rc.conf.]
Sun May 29 18:19:29 CDT 2005
[[Bootup time for machine with FreeBSD 5.4, second boot]]
# ipnat -vls
mapped in 0 out 0
added 0 expired 0
no memory 0 bad nat 0
inuse 0
rules 6
wilds 0
table 0xbfbfebc8 list 0xc1bc6e00
List of active MAP/Redirect filters:
rdr oo0 192.168.1.2/32 port 899 -> 127.0.0.1 port 99 tcp
rdr oo0 192.168.1.2/32 port 21111 -> 127.0.0.1 port 99 tcp
rdr oo0 192.168.1.2/32 port 1238 -> 127.0.0.1 port 99 tcp
rdr oo0 192.168.1.2/32 port 1234 -> 127.0.0.1 port 56 tcp
rdr oo0 192.168.1.2/32 port 1236 -> 127.0.0.1 port 192 tcp
rdr oo0 192.168.1.2/32 port 1237 -> 192.168.0.2 port 152 tcp
List of active sessions:
List of active host mappings:
[[Then I ran it again on the 30th... NO STATISTICS A DAY LATER]]
# ipnat -vls
mapped in 0 out 0
added 0 expired 0
no memory 0 bad nat 0
inuse 0
rules 6
wilds 0
table 0xbfbfeba8 list 0xc1bc6e00
List of active MAP/Redirect filters:
rdr oo0 192.168.1.2/32 port 899 -> 127.0.0.1 port 99 tcp
rdr oo0 192.168.1.2/32 port 21111 -> 127.0.0.1 port 99 tcp
rdr oo0 192.168.1.2/32 port 1238 -> 127.0.0.1 port 99 tcp
rdr oo0 192.168.1.2/32 port 1234 -> 127.0.0.1 port 56 tcp
rdr oo0 192.168.1.2/32 port 1236 -> 127.0.0.1 port 192 tcp
rdr oo0 192.168.1.2/32 port 1237 -> 192.168.0.2 port 152 tcp
List of active sessions:
List of active host mappings:
# ipnat -C
6 entries flushed from NAT list
# ipnat -vls
mapped in 0 out 0
added 0 expired 0
no memory 0 bad nat 0
inuse 0
rules 0
wilds 0
table 0xbfbfeba8 list 0x0
List of active MAP/Redirect filters:
List of active sessions:
List of active host mappings:
# ipnat -f /etc/ipnat.rules
[Here we have GOOD STATS a few minutes later....]
# ipnat -vls
mapped in 14 out 12
added 1 expired 0
no memory 0 bad nat 0
inuse 1
rules 6
wilds 0
table 0xbfbfeba8 list 0xc43f1a00
List of active MAP/Redirect filters:
rdr oo0 192.168.1.2/32 port 899 -> 127.0.0.1 port 99 tcp
rdr oo0 192.168.1.2/32 port 21111 -> 127.0.0.1 port 99 tcp
rdr oo0 192.168.1.2/32 port 1238 -> 127.0.0.1 port 99 tcp
rdr oo0 192.168.1.2/32 port 1234 -> 127.0.0.1 port 56 tcp
rdr oo0 192.168.1.2/32 port 1236 -> 127.0.0.1 port 192 tcp
rdr oo0 192.168.1.2/32 port 1237 -> 192.168.0.2 port 152 tcp
List of active sessions:
RDR 127.0.0.1 99 <- -> 192.168.1.2 899 [16.10.10.211 42666]
age 438 use 0 sumd 0xba36/0xba36 pr 6 bkt 251/408 flags 1 drop 0/0
ifp oo0 bytes 8532 pkts 26
List of active host mappings:
[NOTE: the statistics were reported correctly.]
[ipnat had failed for over a day until I fixed it.]
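
An added example, not part of the original message: a shell function that classifies the "ipnat -vls" counters shown above, so the loaded-but-idle condition can be noticed without logging in locally. The names nat_state, sample_stale, sample_ok and check_nat are hypothetical, and the check assumes it runs only after traffic has had time to arrive.

```shell
#!/bin/sh
# Added example, not from the original message. Classifies the statistics
# block of `ipnat -vls` read on stdin and prints one word:
#   ok       rules loaded and translations counted
#   stale    rules loaded, but mapped in/out and inuse are all 0
#   norules  rule count is 0 (the state right after `ipnat -C`)
#   unparsed the expected counter lines were not found
# Zero counters are normal immediately after boot, so "stale" is only
# meaningful once traffic has had time to arrive (assumption: caller waits).
nat_state() {
    awk '
        $1 == "mapped" && $2 == "in" && $4 == "out" { min = $3; mout = $5; got++ }
        $1 == "inuse" { inuse = $2; got++ }
        $1 == "rules" { rules = $2; got++ }
        END {
            if (got != 3)                     print "unparsed"
            else if (rules + 0 == 0)          print "norules"
            else if (min + mout + inuse == 0) print "stale"
            else                              print "ok"
        }'
}

# Statistics lines copied from the shell output in the message above.
sample_stale() {
    cat <<'EOF'
mapped in 0 out 0
added 0 expired 0
no memory 0 bad nat 0
inuse 0
rules 6
wilds 0
EOF
}

sample_ok() {
    cat <<'EOF'
mapped in 14 out 12
added 1 expired 0
no memory 0 bad nat 0
inuse 1
rules 6
wilds 0
EOF
}

# Hypothetical cron wrapper: log when NAT looks dead so it is noticed remotely.
check_nat() {
    state=$(ipnat -vls | nat_state)
    [ "$state" = "ok" ] || logger -p daemon.warning "ipnat state: $state"
}
```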