I have completed the above task and it works on all machine except one.
On a firewall machine we have problems as it appears "ipnat" is unhappy
about the kernel not having IPV6 support.
The end result is:
"Installing NAT rules ... 70:ioctl(SIOCGNATS) object size mismatch
for copying out ipfobj" upon starting up ipnat.
I have read about this exact error/problem on the FreeBSD platform and they
have a method of compiling the kernel with a make.conf options called:
NOINET6="YES"
NO_INET6="YES"
WITHOUT_INET6="YES"
Their bug report number when someone reported the same error from ipnat was:
190964
Does NetBSD have such a compile time option?
I have already commented out:
#options INET6
#pseudo-device stf
#options BRIDGE_IPF
In my config file I have:
options IPFILTER_LOG # ipmon(8) log support
options IPFILTER_LOOKUP # ippool(8) support
options IPFILTER_COMPAT # Compat for IP-Filter
#options IPFILTER_DEFAULT_BLOCK # block all packets by
default
pseudo-device ipfilter # IP filter (firewall) and
NAT
Hoping there is a way to do this especially with the latest SA's reporting
IPV6 vulnerabilities.
Thank you
Scott..
