I have the same problem: After I cvsuped my system from 5.3 to 5.4, ipfilter (compiled in the my custom kernel) & ipnat not start automatically. If I do "/etc/rc.d/ipfilter start && /etc/rc.d/ipnat start" manually - all works fine... Lines "ipfilner_enable=YES" and "ipnat_enable=YES" present in the /etc/rc.conf.
~>-----Original Message----- ~>From: [EMAIL PROTECTED] ~>[mailto:[EMAIL PROTECTED] On Behalf Of Billy Newsom ~>Sent: Thursday, May 26, 2005 1:54 AM ~>To: freebsd-stable@freebsd.org ~>Subject: 5-Stable (5.4) any ipnat changes? ~> ~> ~>Is there some reason why ipnat wouldn't automatically startup? ~> ~>I just upgraded from a 5-stable in February to a 5-stable in ~>May, so I ~>could essentially get 5.4 on this firewall machine. I simultaneously ~>was upgrading some ports, etc., but nothing too severe. When ~>I rebooted ~>the machine, everything looked fine. No problems whatsoever. ~> This was ~>the first time that I compiled multiple kernels (normally I ~>just compile ~>a custom and not the generic), but that is not related. ~> ~>What happened is that I had a strange problem receiving mail ~>on the mail ~>server. It took me quite a while to finally track down the ~>problem. I ~>ended up running a packet sniffer and still couldn't figure it out. ~>Well, it turned out that the filters in ipnat weren't ~>installed, and so ~>all of the NAT routing wasn't happening as normal. ~> ~>I have really never seen this server boot without NAT -- it's ~>basically ~>the same setup I've used for years and it never dawned on me ~>what would ~>happen if ipnat failed to run its filters. Meanwhile, ~>IPFilter was busy ~>running the firewall like normal. ~> ~>I have looked at the logs in detail and I can't find anything ~>that would ~>have turned off ipnat or caused it not to run its filter. ~>Nor, on the ~>otherhand, do I see where ipnat logs anything, anyway. ~> ~>Where would I look to track this down? Is it possible that ~>something in ~> stable messed this up? ~> ~> ~># ls -l /etc/ipnat.rules ~>-rw-r--r-- 1 root wheel 437 Mar 14 14:18 /etc/ipnat.rules ~> ~>Notice no changes since March in that file. ~> ~># cat /etc/rc.conf | grep ip ~>ipfilter_enable="YES" # Set to YES to enable ipfilter ~>functionality ~>ipfilter_program="/sbin/ipf" # where the ipfilter program lives ~>ipfilter_rules="/etc/ipf.rules" # rules definition file for ~>ipfilter, see ~> # ~>/usr/src/contrib/ipfilter/rules for ~>examples ~>ipfilter_flags="" # additional flags for ipfilter ~>ipnat_enable="YES" # Set to YES to enable ipnat ~>functionality ~>ipnat_program="/sbin/ipnat" # where the ipnat program lives ~>ipnat_rules="/etc/ipnat.rules" # rules definition file for ipnat ~>ipnat_flags="" # additional flags for ipnat ~>ipmon_enable="YES" # Set to YES for ipmon; ~>needs ipfilter ~>or ipnat ~>ipmon_program="/sbin/ipmon" # where the ipfilter ~>monitor program lives ~>ipmon_flags="-Ds" # typically "-Ds" or "-D ~>/var/log/ipflog" ~>ipfs_enable="YES" # Set to YES to enable saving ~>and restoring ~>ipfs_program="/sbin/ipfs" # where the ipfs program lives ~>ipfs_flags="" # additional flags for ipfs ~> ~>Thanks. ~>Billy ~>_______________________________________________ ~>freebsd-stable@freebsd.org mailing list ~>http://lists.freebsd.org/mailman/listinfo/freebsd-stable ~>To unsubscribe, send any mail to ~>"[EMAIL PROTECTED]" ~> _______________________________________________ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "[EMAIL PROTECTED]"