I have completed the above task and it works on all machines except one.

On a firewall machine we have problems as it appears "ipnat" is unhappy
about the kernel not having IPV6 support.

The end result is:
        "Installing NAT rules ... 70:ioctl(SIOCGNATS) object size mismatch for copying out ipfobj"
upon starting up ipnat.

I have read about this exact error/problem on the FreeBSD platform and they
have a method of compiling the kernel with make.conf options called:

        NOINET6="YES"
        NO_INET6="YES"
        WITHOUT_INET6="YES"

Their bug report number when someone reported the same error from ipnat was:
190964

Does NetBSD have such a compile time option?

I have already commented out:

        #options INET6
        #pseudo-device stf
        #options BRIDGE_IPF

In my config file I have:

        options         IPFILTER_LOG    # ipmon(8) log support
        options         IPFILTER_LOOKUP # ippool(8) support
        options         IPFILTER_COMPAT # Compat for IP-Filter
        #options        IPFILTER_DEFAULT_BLOCK  # block all packets by default
        pseudo-device   ipfilter                # IP filter (firewall) and NAT

Hoping there is a way to do this, especially with the latest SAs reporting
IPV6 vulnerabilities.

Thank you
Scott..

