Subject: Re: IPNAT
To: Mike Pumford <mpumford@black-star.demon.co.uk>
From: Erik Rungi <blackbox@openface.ca>
List: current-users
Date: 10/22/1998 17:35:39
Ok I took a look at the NetBSD-current sources, and you're right, the ipnat
stuff is all taken care of in the rc script. 

However, in the case for 1.3.2, there isn't anything in the rc.conf or rc
files to handle this.  So if you do what I did, which was to simply add a
"ipnat" line to your rc.local, and don't put a corresponding
"ipf" line in, you get hosed. 

Does the PR system work for interim releases as well (like maybe for 1.3.3)?

If we make sure that the NetBSD-current way of handling ipnat makes it into
1.3.3 within the rc scripts, I think that would be a huge help. 

EJR


On Thu, 22 Oct 1998, Mike Pumford wrote:

> > 
> > Hiya,
> > 
> > After spending a bit of time pulling my hair out, I have realized that under
> > the configuration I'm using (NetBSD-1.3/i386), ipnat doesn't work unless ipf
> > is enabled.
> > 
> > Maybe this is obvious to some, but I think that it would be a good thing if: 
> > 
> > 1.  ipnat would warn you that it's not going to be doing any mapping until you
> > run "/sbin/ipf",
> > 
> > and/or
> > 
> If you have an up-to-date /etc, enabling IPNAT in rc.conf automatically sets up
> ipf for you. So it does not really need a man page entry. Although I can see 
> that while experimenting before enabling it for real it would be useful to 
> know as I have also spent significant time wondering why it did not work.
> 
> > e.g. "Please note that ipnat will not actually rewrite any packet headers unless
> > the ipf packet filter is active." 
> > 
> > Mentioning in the ipnat(8) man page which kernel options are required to make
> > nat go zoom would be handy as well. 
> >
> This I would definitely support. It was only by scanning back through large 
> amounts of current-users mail that I managed to find the options required.
> 
> Mike 
> 
> 
> > EJR
> >