kern/81606: ipnat fails to start after upgrade to RELENG_5_4

Billy Newsom mailhelp at leadhill.net
Mon May 30 22:10:04 PDT 2005


The following reply was made to PR kern/81606; it has been noted by GNATS.

From: Billy Newsom <mailhelp at leadhill.net>
To: bug-followup at FreeBSD.org, mailhelp at leadhill.net
Cc:  
Subject: Re: kern/81606: ipnat fails to start after upgrade to RELENG_5_4
Date: Tue, 31 May 2005 00:00:58 -0500

 I reported the first time that ipnat failed to start on the first boot 
 after installing FreeBSD 5.4.
 
 I am now reporting that on the second boot, ipnat loaded and installed 
 its tables, as expected.  A quick "ipnat -vls" at boot confirmed this.
 YEAH!  But ON SECOND LOOK, I found out that ipnat was failing to do 
 its normal network translation.  A subsequent "ipnat -vls" confirmed 
 that there were no statistics for anything a day later -- all 0's, but I 
 should have been mapping in and out a lot of connections.
 
 So I cleared ipnat's tables and reloaded the same ones.  Instantly some 
 connections that were waiting to start were NATed in, and I saw some 
 active connections in the NAT statistics.  There had apparently been none 
 since the second boot using FreeBSD 5.4.
 
 NAT is now working, but only because I manually cleared and re-loaded 
 the NAT tables. [See shell output below]
 
 If I am away from this server, I wonder what I would do if I depended on 
 ipnat during a spontaneous reboot???  I would be firewalled out, 
 essentially, needing to login locally to fix it.  This is major, or so I 
 see it.
 
 Someone on the freebsd-stable list suggested I turn on ipv6 in rc.conf 
 or in the kernel.  Have not tried, yet.
 
 Here are a few sanitized shell outputs from the second boot of this 
 machine having ipnat problems.  I changed the port numbers to protect 
 the innocent.  [Note: oo0 is the name I gave to my WAN interface in 
 rc.conf.]
 
 Sun May 29 18:19:29 CDT 2005
 [[Bootup time for machine with FreeBSD 5.4, second boot]]
 # ipnat -vls
 mapped  in      0       out     0
 added   0       expired 0
 no memory       0       bad nat 0
 inuse   0
 rules   6
 wilds   0
 table 0xbfbfebc8 list 0xc1bc6e00
 List of active MAP/Redirect filters:
 rdr oo0 192.168.1.2/32 port 899 -> 127.0.0.1 port 99 tcp
 rdr oo0 192.168.1.2/32 port 21111 -> 127.0.0.1 port 99 tcp
 rdr oo0 192.168.1.2/32 port 1238 -> 127.0.0.1 port 99 tcp
 rdr oo0 192.168.1.2/32 port 1234 -> 127.0.0.1 port 56 tcp
 rdr oo0 192.168.1.2/32 port 1236 -> 127.0.0.1 port 192 tcp
 rdr oo0 192.168.1.2/32 port 1237 -> 192.168.0.2 port 152 tcp
 
 List of active sessions:
 
 List of active host mappings:
 
 [Then I ran it again on the 30th... NO STATISTICS A DAY LATER]
 
 # ipnat -vls
 mapped  in      0       out     0
 added   0       expired 0
 no memory       0       bad nat 0
 inuse   0
 rules   6
 wilds   0
 table 0xbfbfeba8 list 0xc1bc6e00
 List of active MAP/Redirect filters:
 rdr oo0 192.168.1.2/32 port 899 -> 127.0.0.1 port 99 tcp
 rdr oo0 192.168.1.2/32 port 21111 -> 127.0.0.1 port 99 tcp
 rdr oo0 192.168.1.2/32 port 1238 -> 127.0.0.1 port 99 tcp
 rdr oo0 192.168.1.2/32 port 1234 -> 127.0.0.1 port 56 tcp
 rdr oo0 192.168.1.2/32 port 1236 -> 127.0.0.1 port 192 tcp
 rdr oo0 192.168.1.2/32 port 1237 -> 192.168.0.2 port 152 tcp
 
 List of active sessions:
 
 List of active host mappings:
 
 # ipnat -C
 6 entries flushed from NAT list
 
 # ipnat -vls
 mapped  in      0       out     0
 added   0       expired 0
 no memory       0       bad nat 0
 inuse   0
 rules   0
 wilds   0
 table 0xbfbfeba8 list 0x0
 List of active MAP/Redirect filters:
 
 List of active sessions:
 
 List of active host mappings:
 
 # ipnat -f /etc/ipnat.rules
 
 [Here we have GOOD STATS a few minutes later....]
 # ipnat -vls
 mapped  in      14      out     12
 added   1       expired 0
 no memory       0       bad nat 0
 inuse   1
 rules   6
 wilds   0
 table 0xbfbfeba8 list 0xc43f1a00
 List of active MAP/Redirect filters:
 rdr oo0 192.168.1.2/32 port 899 -> 127.0.0.1 port 99 tcp
 rdr oo0 192.168.1.2/32 port 21111 -> 127.0.0.1 port 99 tcp
 rdr oo0 192.168.1.2/32 port 1238 -> 127.0.0.1 port 99 tcp
 rdr oo0 192.168.1.2/32 port 1234 -> 127.0.0.1 port 56 tcp
 rdr oo0 192.168.1.2/32 port 1236 -> 127.0.0.1 port 192 tcp
 rdr oo0 192.168.1.2/32 port 1237 -> 192.168.0.2 port 152 tcp
 
 List of active sessions:
 RDR 127.0.0.1       99    <- -> 192.168.1.2    899 [16.10.10.211 42666]
          age 438 use 0 sumd 0xba36/0xba36 pr 6 bkt 251/408 flags 1 drop 0/0
          ifp oo0 bytes 8532 pkts 26
 
 List of active host mappings:
 
 
 [NOTE: the statistics were reported correctly.]
 [ipnat had failed for over a day until I fixed it.]
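
Added example, not part of the original message and not FreeBSD or ipfilter code: a small sh check that reads `ipnat -vls` output and flags the state shown in the report, where rules are loaded but every NAT counter is still zero. The names `nat_state` and `sample_*` are hypothetical, and the sample counter lines are copied from the output above.

```shell
#!/bin/sh
# nat_state reads `ipnat -vls` output on stdin and prints one word:
#   norules - no NAT rules are loaded
#   idle    - rules are loaded but every traffic counter is still zero
#   active  - rules are loaded and at least one counter has moved
# "idle" is only a warning sign: it matters once traffic should have
# passed, as in the report (all zeros a day after boot).
nat_state() {
    awk '
        $1 == "mapped" { min = $3; mout = $5 }
        $1 == "added"  { added = $2 }
        $1 == "inuse"  { inuse = $2 }
        $1 == "rules"  { rules = $2 }
        END {
            if (rules + 0 == 0)                        print "norules"
            else if (min + mout + added + inuse == 0)  print "idle"
            else                                       print "active"
        }'
}

# Counter lines from the report: after the second boot, after `ipnat -C`,
# and a few minutes after `ipnat -f /etc/ipnat.rules`.
sample_stalled() {
    printf '%s\n' ' mapped  in      0       out     0' \
        ' added   0       expired 0' ' no memory       0       bad nat 0' \
        ' inuse   0' ' rules   6' ' wilds   0'
}
sample_flushed() {
    printf '%s\n' ' mapped  in      0       out     0' \
        ' added   0       expired 0' ' no memory       0       bad nat 0' \
        ' inuse   0' ' rules   0' ' wilds   0'
}
sample_working() {
    printf '%s\n' ' mapped  in      14      out     12' \
        ' added   1       expired 0' ' no memory       0       bad nat 0' \
        ' inuse   1' ' rules   6' ' wilds   0'
}

# On a live system the input would be: ipnat -vls | nat_state
echo "second boot:  $(sample_stalled | nat_state)"
echo "after flush:  $(sample_flushed | nat_state)"
echo "after reload: $(sample_working | nat_state)"
```

Run from cron some time after boot, an `idle` result on a gateway that normally carries traffic would be the cue to investigate before remote access is lost.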

