I have completed the above task and it works on all machines except one.

On a firewall machine we have problems as it appears "ipnat" is unhappy
about the kernel not having IPV6 support.

The end result is:
        "Installing NAT rules ... 70:ioctl(SIOCGNATS) object size mismatch for copying out ipfobj"
upon starting up ipnat.

I have read about this exact error/problem on the FreeBSD platform and they
have a method of compiling the kernel with a make.conf option called:


Their bug report number when someone reported the same error from ipnat was:

Does NetBSD have such a compile time option?

I have already commented out:

        #options INET6
        #pseudo-device stf
        #options BRIDGE_IPF

In my config file I have:

        options         IPFILTER_LOG    # ipmon(8) log support
        options         IPFILTER_LOOKUP # ippool(8) support
        options         IPFILTER_COMPAT # Compat for IP-Filter
        #options        IPFILTER_DEFAULT_BLOCK  # block all packets by
        pseudo-device   ipfilter                # IP filter (firewall) and

Hoping there is a way to do this, especially with the latest SAs reporting
IPV6 vulnerabilities.

Thank you
