I have the same problem:
After I cvsuped my system from 5.3 to 5.4, ipfilter (compiled into my
custom kernel) and ipnat do not start automatically. If I do
"/etc/rc.d/ipfilter start && /etc/rc.d/ipnat start" manually, all works
fine... The lines "ipfilner_enable=YES" and "ipnat_enable=YES" are
present in /etc/rc.conf.
~>-----Original Message-----
~>From: owner-freebsd-stable@freebsd.org
~>[mailto:owner-freebsd-stable@freebsd.org] On Behalf Of Billy Newsom
~>Sent: Thursday, May 26, 2005 1:54 AM
~>To: freebsd-stable@freebsd.org
~>Subject: 5-Stable (5.4) any ipnat changes?
~>
~>
~>Is there some reason why ipnat wouldn't automatically startup?
~>
~>I just upgraded from a 5-stable in February to a 5-stable in May, so I
~>could essentially get 5.4 on this firewall machine. I simultaneously
~>was upgrading some ports, etc., but nothing too severe. When I rebooted
~>the machine, everything looked fine. No problems whatsoever. This was
~>the first time that I compiled multiple kernels (normally I just compile
~>a custom and not the generic), but that is not related.
~>
~>What happened is that I had a strange problem receiving mail on the mail
~>server. It took me quite a while to finally track down the problem. I
~>ended up running a packet sniffer and still couldn't figure it out.
~>Well, it turned out that the filters in ipnat weren't installed, and so
~>all of the NAT routing wasn't happening as normal.
~>
~>I have really never seen this server boot without NAT -- it's basically
~>the same setup I've used for years and it never dawned on me what would
~>happen if ipnat failed to run its filters. Meanwhile, IPFilter was busy
~>running the firewall like normal.
~>
~>I have looked at the logs in detail and I can't find anything that would
~>have turned off ipnat or caused it not to run its filter. Nor, on the
~>other hand, do I see where ipnat logs anything, anyway.
~>
~>Where would I look to track this down? Is it possible that something in
~>stable messed this up?
~>
~>
~># ls -l /etc/ipnat.rules
~>-rw-r--r-- 1 root wheel 437 Mar 14 14:18 /etc/ipnat.rules
~>
~>Notice no changes since March in that file.
~>
~># cat /etc/rc.conf | grep ip
~>ipfilter_enable="YES" # Set to YES to enable ipfilter functionality
~>ipfilter_program="/sbin/ipf" # where the ipfilter program lives
~>ipfilter_rules="/etc/ipf.rules" # rules definition file for ipfilter, see
~> # /usr/src/contrib/ipfilter/rules for examples
~>ipfilter_flags="" # additional flags for ipfilter
~>ipnat_enable="YES" # Set to YES to enable ipnat functionality
~>ipnat_program="/sbin/ipnat" # where the ipnat program lives
~>ipnat_rules="/etc/ipnat.rules" # rules definition file for ipnat
~>ipnat_flags="" # additional flags for ipnat
~>ipmon_enable="YES" # Set to YES for ipmon; needs ipfilter or ipnat
~>ipmon_program="/sbin/ipmon" # where the ipfilter monitor program lives
~>ipmon_flags="-Ds" # typically "-Ds" or "-D /var/log/ipflog"
~>ipfs_enable="YES" # Set to YES to enable saving and restoring
~>ipfs_program="/sbin/ipfs" # where the ipfs program lives
~>ipfs_flags="" # additional flags for ipfs
~>
~>Thanks.
~>Billy