Date:      Sat, 31 Dec 2005 17:32:44 -0800
From:      perikillo <perikillo@gmail.com>
To:        freebsd-questions@freebsd.org
Subject:   Re: ipnat -CF -f /etc/ipnat.rules
Message-ID:  <51d7a5160512311732j4407dfd7g13af541ebf578213@mail.gmail.com>
In-Reply-To: <!~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAABgAAAAAAAAAWk27stpn1EeEJTAPYrt2mMKAAAAQAAAAwdhgE%2BtcR0uyTHk5CjnP2AEAAAAA@bloemgarten.demon.nl>
References:  <20051231130326.D699@nebuchadnezzar.my.domain> <!~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAABgAAAAAAAAAWk27stpn1EeEJTAPYrt2mMKAAAAQAAAAwdhgE%2BtcR0uyTHk5CjnP2AEAAAAA@bloemgarten.demon.nl>

On 12/30/05, Ruben Bloemgarten <rubenl@bloemgarten.demon.nl> wrote:
> Hi Caleb,
>
> Add ipfs_enable="YES".
>
> Regards,
> Ruben
>
> -----Original Message-----
> From: owner-freebsd-questions@freebsd.org
> [mailto:owner-freebsd-questions@freebsd.org] On Behalf Of caleb
> Sent: December 31, 2005 3:16 AM
> To: freebsd-questions@freebsd.org
> Subject: ipnat -CF -f /etc/ipnat.rules
>
> Hi everyone,
>             I have just put together a router/firewall using 5.4 RELEASE
> and IPFILTER. Everything is working fine except I have to manually flush
> the NAT table every time the router boots. Below are my rc.conf and
> ipnat.rules; I have used rc.conf to start everything at boot:
>
> /* rc.conf */
>
> gateway_enable="YES"
> sshd_enable="YES"
> ifconfig_rl1="inet 10.0.0.1 netmask 255.255.255.0"
> ifconfig_rl0="inet 192.168.0.1 netmask 255.255.255.0"
> hostname="tweak"
> ipfilter_enable="YES"
> ipfilter_rules="/etc/ipf.rules"
> ipmon_enable="YES"
> ipmon_flags="-Ds"
> ipnat_enable="YES"
> ipnat_rules="/etc/ipnat.rules"
> ppp_enable="YES"
> ppp_mode="ddial"
> ppp_nat="NO"
> ppp_profile="netspace"
> ppp_user="root"
>
> /* ipnat.rules */
>
> map tun0 192.168.0.0/24 -> 0/32
>
>
> Is there something I am missing? I do not think it is ipf, as I have
> configured it to allow everything in and out. Could you please CC me if
> you decide to help.
>
> Thank you,
>
> caleb
> --
> There is no spoon
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
>
>
> --
> No virus found in this incoming message.
> Checked by AVG Free Edition.
> Version: 7.1.371 / Virus Database: 267.14.9/216 - Release Date: 12/29/2005
  Hi Ruben, months ago I didn't find how to fix that problem; if I
remember, it was a little bug in ipfilter. I tried a lot of changes on
the system. Right now I was setting up ipfilter on another box, fresh
installation:

*freebsd 5.4-p8
*ipf v3.4.35

   I tried your tip, but it didn't work. I was thinking that maybe
secure_level = 2 was the problem, but no; I lowered it to 1 and it still
didn't work.

  Then the only solution I found before was to create one simple
script to reload ipnat:

ee /etc/rc.d/ipnat.bug

#!/bin/sh
   echo "Fix ipnat bug"
   ipnat -FC -f /etc/ipnat.rules

root# chmod +x /etc/rc.d/ipnat.bug

   Now I don't need to manually reload ipnat every time I restart
the system. I hope that this little problem will be fixed in FreeBSD
6.0.

  Hi Caleb, these are my ipnat rules, hope they help you:

map tun0 0/0 -> 0/32 proxy port ftp ftp/tcp
map tun0 0/0 -> 0/32 portmap tcp/udp 20000:40000
map tun0 0/0 -> 0/32

    Good day to all and Happy New Year BSD people!!!
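
A guarded form of the reload workaround from the message above, as an added example that is not part of the original thread: since `ipnat -FC` also flushes live NAT mappings, it reloads only when `ipnat -l` shows no loaded rules. The function names, the log tag and the sample listings are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not code from the thread.
# Assumption: `ipnat -l` prints loaded rules under the heading
# "List of active MAP/Redirect filters:" and live mappings under
# "List of active sessions:".

RULES="${RULES:-/etc/ipnat.rules}"

# Read an `ipnat -l` listing on stdin and print how many NAT rules
# (map, rdr, bimap, map-block) are loaded. Session entries are ignored.
count_active_rules() {
    awk '
        /^List of active MAP\/Redirect filters/ { in_rules = 1; next }
        /^List of active sessions/              { in_rules = 0 }
        in_rules && /^(map|rdr|bimap|map-block) / { n++ }
        END { print n + 0 }
    '
}

# Succeed (exit status 0) when the listing on stdin has no loaded rules.
needs_reload() {
    [ "$(count_active_rules)" -eq 0 ]
}

# Flush and reload only when the rule list is empty, and log that it
# happened so the boot-time failure stays visible in syslog.
fix_ipnat() {
    if ipnat -l | needs_reload; then
        logger -t ipnat.bug "no active NAT rules, reloading $RULES"
        ipnat -FC -f "$RULES"
    fi
}

# Constructed sample listings (not captured output), for offline checks.
SAMPLE_EMPTY='List of active MAP/Redirect filters:

List of active sessions:'
SAMPLE_LOADED='List of active MAP/Redirect filters:
map tun0 192.168.0.0/24 -> 0.0.0.0/32

List of active sessions:
MAP 192.168.0.10 1025 <- -> 203.0.113.5 1025 [198.51.100.7 80]'

# Act only on a host that actually has ipnat installed.
if command -v ipnat >/dev/null 2>&1; then
    fix_ipnat
fi
```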


