sergei wrote:
I have the same problem:

After I cvsuped my system from 5.3 to 5.4, ipfilter (compiled into my
custom kernel) & ipnat do not start automatically. If I do
"/etc/rc.d/ipfilter start && /etc/rc.d/ipnat start" manually, all works
fine... Lines "ipfilner_enable=YES" and "ipnat_enable=YES" are present in
/etc/rc.conf.


Okay, I'm going to dig up someone who might be responsible or might be able to fix it. Two strikes while doing the same upgrade... While I'm thinking about it, would you see if it happens on the next reboot? I haven't tried, because my system is a firewall that I need to keep up most of the time (I'm behind it right now), but I will definitely see if it happens again soon.

I am going to check some cvs checkins in the last three months or so and see if I can track down a change.

As for the custom kernel, I wonder if we both need to post the details of our custom kernel to this list for others to see? I wonder if the problem is only with certain kernel switches. I am attaching my kernel (with no comments) to this email. Let me know if it's easier to read with the comments in it, because a lot of the generic kernel fluff has been removed for the sake of speed.

I removed them with:
cat mykernel | sed -e 's;#.*;;' -e '/^[ ]*$/d' >mykernel.1

Billy




~>-----Original Message-----
~>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Billy Newsom
~>Sent: Thursday, May 26, 2005 1:54 AM
~>To: [email protected]
~>Subject: 5-Stable (5.4) any ipnat changes?
~>
~>
~>Is there some reason why ipnat wouldn't automatically startup?
~>
~>I just upgraded from a 5-stable in February to a 5-stable in May, so I could essentially get 5.4 on this firewall machine. I simultaneously was upgrading some ports, etc., but nothing too severe. When I rebooted the machine, everything looked fine. No problems whatsoever. This was the first time that I compiled multiple kernels (normally I just compile a custom and not the generic), but that is not related.
~>
~>What happened is that I had a strange problem receiving mail on the mail server. It took me quite a while to finally track down the problem. I ended up running a packet sniffer and still couldn't figure it out. Well, it turned out that the filters in ipnat weren't installed, and so all of the NAT routing wasn't happening as normal.
~>
~>I have really never seen this server boot without NAT -- it's basically the same setup I've used for years and it never dawned on me what would happen if ipnat failed to run its filters. Meanwhile, IPFilter was busy running the firewall like normal.
~>
~>I have looked at the logs in detail and I can't find anything that would have turned off ipnat or caused it not to run its filter. Nor, on the other hand, do I see where ipnat logs anything, anyway.
~>
~>Where would I look to track this down? Is it possible that something in stable messed this up?
~>
~>
~># ls -l /etc/ipnat.rules
~>-rw-r--r--  1 root  wheel  437 Mar 14 14:18 /etc/ipnat.rules
~>
~>Notice no changes since March in that file.
~>
~># cat /etc/rc.conf | grep ip
~>ipfilter_enable="YES"           # Set to YES to enable ipfilter functionality
~>ipfilter_program="/sbin/ipf"    # where the ipfilter program lives
~>ipfilter_rules="/etc/ipf.rules" # rules definition file for ipfilter, see
~>                                # /usr/src/contrib/ipfilter/rules for examples
~>ipfilter_flags=""               # additional flags for ipfilter
~>ipnat_enable="YES"              # Set to YES to enable ipnat functionality
~>ipnat_program="/sbin/ipnat"     # where the ipnat program lives
~>ipnat_rules="/etc/ipnat.rules"  # rules definition file for ipnat
~>ipnat_flags=""                  # additional flags for ipnat
~>ipmon_enable="YES"              # Set to YES for ipmon; needs ipfilter or ipnat
~>ipmon_program="/sbin/ipmon"     # where the ipfilter monitor program lives
~>ipmon_flags="-Ds"               # typically "-Ds" or "-D /var/log/ipflog"
~>ipfs_enable="YES"               # Set to YES to enable saving and restoring
~>ipfs_program="/sbin/ipfs"       # where the ipfs program lives
~>ipfs_flags=""                   # additional flags for ipfs
~>
~>Thanks.
~>Billy
machine         i386
cpu             I686_CPU
ident           BILLYSMP3
hints           "GENERIC.hints"         
options         SMP
options         MSGMNB=8192     
options         MSGSSZ=64       
options         MSGTQL=2048     
options         MAXCONS=6       
options         IPFILTER
options         IPFILTER_LOG
options         SCHED_4BSD              
options         INET                    
options         FFS                     
options         SOFTUPDATES             
options         UFS_ACL                 
options         UFS_DIRHASH             
options         NFSCLIENT               
options         NFSSERVER               
options         PROCFS                  
options         PSEUDOFS                
options         GEOM_GPT                
options         COMPAT_43               
options         COMPAT_FREEBSD4         
options         SCSI_DELAY=4000         
options         KTRACE                  
options         SYSVSHM                 
options         SYSVMSG                 
options         SYSVSEM                 
options         _KPOSIX_PRIORITY_SCHEDULING 
options         KBD_INSTALL_CDEV        
                                        
                                        
options         ADAPTIVE_GIANT          
device          apic            
device          isa
device          pci
device          fdc
device          ata
device          atadisk         
device          atapicd         
options         ATA_STATIC_ID   
device          ahc             
device          sym             
device          aha             
device          aic             
device          scbus           
device          ch              
device          da              
device          sa              
device          cd              
device          pass            
device          ses             
device          atkbdc          
device          atkbd           
device          psm             
device          vga             
device          sc
device          npx
device          apm
device          sio             
device          ppc
device          ppbus           
device          lpt             
device          ppi             
device          miibus          
device          fxp             
device          nge             
device          pcn             
device          re              
device          rl              
device          ste             
device          tx              
device          wb              
device          ed              
device          ep              
device          lnc             
device          loop            
device          mem             
device          io              
device          random          
device          ether           
device          tun             
device          pty             
device          gif             
device          bpf             
device          uhci            
device          ohci            
device          usb             
device          ugen            
device          uhid            
device          ukbd            
device          ulpt            
device          umass           
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"