Date: Wed, 21 Jun 2000 13:48:48 -0700 From: "Crist J. Clark" <cristjc@earthlink.net> To: ???????? ?????? <jaroshenko@mail.ru> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: ipfilter,ipnat and forwarding de0 <-> tun0 Message-ID: <20000621134848.G214@dialin-client.earthlink.net> In-Reply-To: <Pine.BSF.4.21.0006211453080.2623-100000@freebsd.merlin.ru>; from jaroshenko@mail.ru on Wed, Jun 21, 2000 at 04:12:49PM %2B0400 References: <Pine.BSF.4.21.0006211453080.2623-100000@freebsd.merlin.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Jun 21, 2000 at 04:12:49PM +0400, ???????? ?????? wrote:
[snip]
> 2) rc.local
> ipf -Fa -f /etc/ipf.rc
> ipmon -Ds
> ipnat -CF -f /etc/nat.rc
[snip]
> Users in my lan can't connect to any Internet site and
> "tcpdump -i de0" show black screen - no packets from or to lan.
> I go in single user mode ("init 1") and go again multiuser mode, connect
> to Internet and all WORK...
> users connect to any Internet site
> "ipnat -ls" show list of active sessions
> "tcpdump -i de0" show packets.
>
> 1) Why NAT not work after reboot but work after "init 1"?
My best guess is because order is important. The stuff in rc.local is
started almost dead last during the multi-user startup. There are
likely network services hung up during the startup by the fact that
they start before the firewall is put in place and NAT is initiated.
> 2) How do NAT work after reboot (or startup) ?
You might need to go in and actually hack /etc/rc, /etc/rc.network,
etc. to get the startup in the correct order.
Again, that is just my guess, and if I may try to be even more
psychic, I'd guess the firewall setup is the real culprit.
--
Crist J. Clark cjclark@alum.mit.edu
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000621134848.G214>