Subject: Re: Kernel Panic caused by IPnat
To: NetBSD-Alpha Mailinglist <>
From: Andrew Garman <>
List: port-alpha
Date: 09/20/2000 16:51:31
It's 1.4.2.  The panic was because, I didn't turn on ipforwarding.
I'm running into different problems now.  That the ipnat rules just 
aren't working.  They're inserted and show up with ipnat -l is run.

But they don't work.

I have pass in and pass out open for all:
pass in from any to any
pass out from any to any 

I am back to running the GENERIC 1.4.2 kernel.

Also the ftp proxy rule doesn't read into the firewall at all.  I'm 
certain more than a few people are using Alpha NetBSD for a firewall.
Would anyone be willing to share rulesets, kernel compile configs
and other settings with me.


Andrew Garman

--- "Chris G. Demetriou" <> wrote:
> Andrew Garman <> writes:
> > Today, I just put in two additional 3c905B cards and was looking 
> > forward to transitioning in the new system.  Everything looked up
> as
> > the ipfilter ruleset worked like a charm.  Unfortunately, when I 
> > tried to enable the minimal required ipnat ruleset, the system
> > panicked.
> > 
> > I swapped back in the Generic kernel as I trimmed mine down to less
> > than half the size.  The panic still occurs.  I did the same
> without
> > the ipfilter rules in place.  The panic still occurs.
> You've not told us what version of NetBSD you're using.  That's
> important information.
> (It's also important that your ipfilter-related userland bits closely
> match the vintage of your kernel.  i.e. if you're running a 1.4.2
> kernel, you _need_ to be using 1.4.2 ipfilter-related bits.  1.4.1 or
> 1.4 likely won't work.  Ipfilter is ... not so good about backward
> compatiblity.  *sigh*)

Do You Yahoo!?
Send instant messages & get email alerts with Yahoo! Messenger.