Date: Tue, 31 May 2005 05:10:04 GMT
From: Billy Newsom <mailhelp@leadhill.net>
To: freebsd-bugs@FreeBSD.org
Subject: Re: kern/81606: ipnat fails to start after upgrade to RELENG_5_4
Message-ID: <200505310510.j4V5A4Oh034712@freefall.freebsd.org>

The following reply was made to PR kern/81606; it has been noted by GNATS.

From: Billy Newsom <mailhelp@leadhill.net>
To: bug-followup@FreeBSD.org, mailhelp@leadhill.net
Cc:
Subject: Re: kern/81606: ipnat fails to start after upgrade to RELENG_5_4
Date: Tue, 31 May 2005 00:00:58 -0500

I reported the first time that ipnat failed to start on the first boot after installing FreeBSD 5.4. I am now reporting that on the second boot, ipnat loaded and installed its tables, as expected. A quick "ipnat -vls" at boot confirmed this. YEAH!

But ON SECOND LOOK, I found out that ipnat was failing to do its normal network translation. A subsequent "ipnat -vls" confirmed that there were no statistics for anything a day later -- all 0's, but I should have been mapping in and out a lot of connections.

So I cleared ipnat's tables and reloaded the same ones. Instantly some connections that were waiting to start were NATed in, and I saw some active connections in the NAT statistics. There had apparently been none since the second boot using FreeBSD 5.4. NAT is now working, but only because I manually cleared and re-loaded the NAT tables. [See shell output below]

If I am away from this server, I wonder what I would do if I depended on ipnat during a spontaneous reboot??? I would be firewalled out, essentially, needing to log in locally to fix it. This is major, or so I see it.

Someone on the freebsd-stable list suggested I turn on ipv6 in rc.conf or in the kernel. Have not tried, yet.

Here are a few sanitized shell outputs from the second boot of this machine having ipnat problems. I changed the port numbers to protect the innocent. [Note: oo0 is the name I gave to my WAN interface in rc.conf.]

Sun May 29 18:19:29 CDT 2005
[[Bootup time for machine with FreeBSD 5.4, second boot]]

# ipnat -vls
mapped in 0 out 0
added 0 expired 0
no memory 0 bad nat 0
inuse 0
rules 6
wilds 0
table 0xbfbfebc8 list 0xc1bc6e00
List of active MAP/Redirect filters:
rdr oo0 192.168.1.2/32 port 899 -> 127.0.0.1 port 99 tcp
rdr oo0 192.168.1.2/32 port 21111 -> 127.0.0.1 port 99 tcp
rdr oo0 192.168.1.2/32 port 1238 -> 127.0.0.1 port 99 tcp
rdr oo0 192.168.1.2/32 port 1234 -> 127.0.0.1 port 56 tcp
rdr oo0 192.168.1.2/32 port 1236 -> 127.0.0.1 port 192 tcp
rdr oo0 192.168.1.2/32 port 1237 -> 192.168.0.2 port 152 tcp

List of active sessions:

List of active host mappings:

[Then I ran it again on the 30th... NO STATISTICS A DAY LATER]

# ipnat -vls
mapped in 0 out 0
added 0 expired 0
no memory 0 bad nat 0
inuse 0
rules 6
wilds 0
table 0xbfbfeba8 list 0xc1bc6e00
List of active MAP/Redirect filters:
rdr oo0 192.168.1.2/32 port 899 -> 127.0.0.1 port 99 tcp
rdr oo0 192.168.1.2/32 port 21111 -> 127.0.0.1 port 99 tcp
rdr oo0 192.168.1.2/32 port 1238 -> 127.0.0.1 port 99 tcp
rdr oo0 192.168.1.2/32 port 1234 -> 127.0.0.1 port 56 tcp
rdr oo0 192.168.1.2/32 port 1236 -> 127.0.0.1 port 192 tcp
rdr oo0 192.168.1.2/32 port 1237 -> 192.168.0.2 port 152 tcp

List of active sessions:

List of active host mappings:

# ipnat -C
6 entries flushed from NAT list

# ipnat -vls
mapped in 0 out 0
added 0 expired 0
no memory 0 bad nat 0
inuse 0
rules 0
wilds 0
table 0xbfbfeba8 list 0x0
List of active MAP/Redirect filters:

List of active sessions:

List of active host mappings:

# ipnat -f /etc/ipnat.rules

[Here we have GOOD STATS a few minutes later....]

# ipnat -vls
mapped in 14 out 12
added 1 expired 0
no memory 0 bad nat 0
inuse 1
rules 6
wilds 0
table 0xbfbfeba8 list 0xc43f1a00
List of active MAP/Redirect filters:
rdr oo0 192.168.1.2/32 port 899 -> 127.0.0.1 port 99 tcp
rdr oo0 192.168.1.2/32 port 21111 -> 127.0.0.1 port 99 tcp
rdr oo0 192.168.1.2/32 port 1238 -> 127.0.0.1 port 99 tcp
rdr oo0 192.168.1.2/32 port 1234 -> 127.0.0.1 port 56 tcp
rdr oo0 192.168.1.2/32 port 1236 -> 127.0.0.1 port 192 tcp
rdr oo0 192.168.1.2/32 port 1237 -> 192.168.0.2 port 152 tcp

List of active sessions:
RDR 127.0.0.1 99 <- -> 192.168.1.2 899 [16.10.10.211 42666]
    age 438 use 0 sumd 0xba36/0xba36 pr 6 bkt 251/408 flags 1 drop 0/0
    ifp oo0 bytes 8532 pkts 26

List of active host mappings:

[NOTE: the statistics were reported correctly.]
[ipnat had failed for over a day until I fixed it.]
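
Added example, not part of the original message or of FreeBSD: a shell check that classifies "ipnat -vls" output so the state reported above (rules loaded, every translation counter at zero) can be detected without a manual look. The function names nat_state, sample_idle and nat_check are hypothetical, and treating "idle" as a fault is an assumption that only holds once traffic should have arrived; the ipnat commands and /etc/ipnat.rules are the ones used in the message.

```sh
#!/bin/sh
# Added example, not from the original report. Function names are hypothetical.

# nat_state: read `ipnat -vls` output on stdin (multi-line or joined onto one
# line) and print: no-rules (rule count 0), idle (rules loaded but mapped
# in/out and added all 0), active (a counter is non-zero), or unparsed.
nat_state() {
    awk '
    !done {
        for (i = 1; i <= NF; i++) {
            if ($i == "List") { done = 1; break }   # rule/session lists follow
            if ($i == "mapped" && $(i+1) == "in") { seen = 1; min = $(i+2); mout = $(i+4) }
            if ($i == "added") added = $(i+1)
            if ($i == "rules") rules = $(i+1)
        }
    }
    END {
        if (!seen)                        print "unparsed"
        else if (rules + 0 == 0)          print "no-rules"
        else if (min + mout + added == 0) print "idle"
        else                              print "active"
    }'
}

# Constructed sample: the counters shown in the report after the second boot.
sample_idle() {
    cat <<'EOF'
mapped in 0 out 0
added 0 expired 0
inuse 0
rules 6
wilds 0
List of active MAP/Redirect filters:
EOF
}

# nat_check: run as root on the gateway. Reloads with the two commands from
# the report when nothing is loaded or nothing has ever been translated.
nat_check() {
    state=$(ipnat -vls 2>&1 | nat_state)
    case $state in
        no-rules|idle) ipnat -C && ipnat -f "${RULES:-/etc/ipnat.rules}" ;;
    esac
    echo "$state"
}
```

Calling nat_check from cron some minutes after boot, and alerting on anything other than "active", covers the unattended-reboot case raised in the message.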