Subject: Re: ipnat completely hosed in current 2.0E(?)
To: None <current-users@NetBSD.org, email@example.com>
From: Frank Kardel <firstname.lastname@example.org>
Date: 04/26/2004 08:46:35
Christian Biere wrote:
>several hours ago I've updated the sources from CVS and successfully
>built 2.0E userland & kernels. After installing and rebooting NAT didn't
>work at all, I couldn't get a TCP connection from behind the router. Also
>ipf blocked packets from the machine the router it was supposed to pass
>as if "keep state" wasn't respected. So I had to downgrade the machine.
My experience are somewhat mixed. I do get panics during ifconfigs of
bge0 in the inet6 output path (see PR/25227).
Since then I do not automatically start ipnat/ipf at boot. I still have
those panics at system shutdown.
It seems to work when you do forcestarts after system boot. I am not
sure whether configuration succeeds
always as i was adjusting the rules to match the extended error
checking. Check for the rules actually
being active with ipfstat -i and ipfstat -o.
"keep state" works for me. Generally except for PR/25227 ipf works after
ensuring that rules are