On 12/30/05, Ruben Bloemgarten <[EMAIL PROTECTED]> wrote:
> Hi Caleb,
>
> Add ipfs_enable="YES".
>
> Regards,
> Ruben
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of caleb
> Sent: December 31, 2005 3:16 AM
> To: freebsd-questions@freebsd.org
> Subject: ipnat -CF -f /etc/ipnat.rules
>
> Hi everyone,
> I have just put together a router/firewall using 5.4 RELEASE
> and IPFILTER. Everything is working fine except I have to manually flush
> the NAT table every time the router boots. Below are my rc.conf and
> ipnat.rules; I have used rc.conf to start everything at boot:
>
> /* rc.conf */
>
> gateway_enable="YES"
> sshd_enable="YES"
> ifconfig_rl1="inet 10.0.0.1 netmask 255.255.255.0"
> ifconfig_rl0="inet 192.168.0.1 netmask 255.255.255.0"
> hostname="tweak"
> ipfilter_enable="YES"
> ipfilter_rules="/etc/ipf.rules"
> ipmon_enable="YES"
> ipmon_flags="-Ds"
> ipnat_enable="YES"
> ipnat_rules="/etc/ipnat.rules"
> ppp_enable="YES"
> ppp_mode="ddial"
> ppp_nat="NO"
> ppp_profile="netspace"
> ppp_user="root"
>
> /* ipnat.rules */
>
> map tun0 192.168.0.0/24 -> 0/32
>
>
> Is there something I am missing? I do not think it is ipf, as I have
> configured it to allow everything in and out. Could you please CC me if
> you decide to help.
>
> Thank you,
>
> caleb
> --
> There is no spoon
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "[EMAIL PROTECTED]"
>
>
> --
> No virus found in this incoming message.
> Checked by AVG Free Edition.
> Version: 7.1.371 / Virus Database: 267.14.9/216 - Release Date: 12/29/2005
>
>
Hi Ruben, months ago I didn't find how to fix that problem; if I
remember, it was a little bug in ipfilter. I tried a lot of changes on
the system. Right now I was setting up ipfilter on another box, fresh
installation:

*freebsd 5.4-p8
*ipf v3.4.35

I tried your tip, but it didn't work. I was thinking that maybe
secure_level = 2 was the problem, but no; I lowered it to 1 and it still
didn't work.

Then the only solution I found before was to create one simple
script to reload ipnat:

ee /etc/rc.d/ipnat.bug

#!/bin/sh
   echo "Fix ipnat bug"
   ipnat -FC -f /etc/ipnat.rules

root# chmod +x /etc/rc.d/ipnat.bug

Now I don't need to manually reload ipnat every time I restart
the system. I hope that this little problem will be fixed in FreeBSD
6.0.

Hi Caleb, these are my ipnat rules, hope they help you:

map tun0 0/0 -> 0/32 proxy port ftp ftp/tcp
map tun0 0/0 -> 0/32 portmap tcp/udp 20000:40000
map tun0 0/0 -> 0/32

    Good day to all and Happy New Year BSD people!!!