5-Stable (5.4) any ipnat changes?
sergei at konst.donpac.ru
Wed May 25 22:08:21 PDT 2005
I have the same problem:
After I cvsuped my system from 5.3 to 5.4, ipfilter (compiled into my
custom kernel) & ipnat do not start automatically. If I run
"/etc/rc.d/ipfilter start && /etc/rc.d/ipnat start" manually, everything works
fine... The lines "ipfilner_enable=YES" and "ipnat_enable=YES" are present in
~>From: owner-freebsd-stable at freebsd.org
~>[mailto:owner-freebsd-stable at freebsd.org] On Behalf Of Billy Newsom
~>Sent: Thursday, May 26, 2005 1:54 AM
~>To: freebsd-stable at freebsd.org
~>Subject: 5-Stable (5.4) any ipnat changes?
~>Is there some reason why ipnat wouldn't automatically startup?
~>I just upgraded from a 5-stable in February to a 5-stable in May, so I
~>could essentially get 5.4 on this firewall machine. I simultaneously
~>was upgrading some ports, etc., but nothing too severe. When
~>the machine, everything looked fine. No problems whatsoever. This was
~>the first time that I compiled multiple kernels (normally I
~>a custom and not the generic), but that is not related.
~>What happened is that I had a strange problem receiving mail on the mail
~>server. It took me quite a while to finally track down the
~>ended up running a packet sniffer and still couldn't figure it out.
~>Well, it turned out that the filters in ipnat weren't installed, and so
~>all of the NAT routing wasn't happening as normal.
~>I have really never seen this server boot without NAT -- it's
~>the same setup I've used for years and it never dawned on me
~>happen if ipnat failed to run its filters. Meanwhile, IPFilter was busy
~>running the firewall like normal.
~>I have looked at the logs in detail and I can't find anything
~>have turned off ipnat or caused it not to run its filter. Nor, on the
~>other hand, do I see where ipnat logs anything, anyway.
~>Where would I look to track this down? Is it possible that
~> stable messed this up?
~># ls -l /etc/ipnat.rules
~>-rw-r--r-- 1 root wheel 437 Mar 14 14:18 /etc/ipnat.rules
~>Notice no changes since March in that file.
~># cat /etc/rc.conf | grep ip
~>ipfilter_enable="YES" # Set to YES to enable ipfilter
~>ipfilter_program="/sbin/ipf" # where the ipfilter program lives
~>ipfilter_rules="/etc/ipf.rules" # rules definition file for
~>ipfilter_flags="" # additional flags for ipfilter
~>ipnat_enable="YES" # Set to YES to enable ipnat
~>ipnat_program="/sbin/ipnat" # where the ipnat program lives
~>ipnat_rules="/etc/ipnat.rules" # rules definition file for ipnat
~>ipnat_flags="" # additional flags for ipnat
~>ipmon_enable="YES" # Set to YES for ipmon;
~>ipmon_program="/sbin/ipmon" # where the ipfilter monitor program lives
~>ipmon_flags="-Ds" # typically "-Ds" or "-D
~>ipfs_enable="YES" # Set to YES to enable saving
~>ipfs_program="/sbin/ipfs" # where the ipfs program lives
~>ipfs_flags="" # additional flags for ipfs