Subject: ipf and ipnat and unrelated 1.4.2 Observations
To: None <port-i386@netbsd.org>
From: Steve <stevep@mccue.com>
List: port-i386
Date: 04/11/2000 12:50:23
Greetings, two things:

IPF/IPNAT-
Although not specifically port-i386 specific, is there
any documentation on ordering of ipf and ipnat?

It appears ipnat is layered below ipf, such that
rdr's placed in ipnat bypass any blocks set in
ipf.  Is this the implemented architecture, such that ipnat:
    rdr de0 0/0 port 2000 -> 10.0.0.1 port 25
overrides ipf:
    block in log quick from any to any port = 2000
    block out log quick from any port = 2000 to any

1.4.2-
My observations are as follows:
- rl0 support is fantastic.  This truly makes NetBSD a 
reality for running in professional environments.  Words 
can not describe how relieving it is to know that a smoked
100base NIC can now be replaced by running to a
local dealer to get a new card.  My much coveted
rack of 2-3 Netgears no longer requires hellhounds to
guard or penalty of death for taking one for non BSD use. ;)

- install.  When starting the network, can the timeout
be increased?  I can never get a net install to work as
the ping times out before most cards init.  If I ctrl-Z and
ifconfig/ping, it might be 10-15 seconds before the
ping replies start and work.  I'd suggest changing the ping 
options for dns and gateway timeout up to like 30 seconds.
For the installs I have performed, I had to ctrl-z, ifconfig/ping
then ifconfig delete, fg and try again over and over.  After about
the 3rd or 4th try, the card inits faster and it gets by this.

- kernel.  Just a silly one.  The kernel from the install is owned 
by UID 5503.  This is a nitpicking one since most kernels in my
shop last just long enough for a compile of a new one.  But
for anyone running generic, it just looks silly having the /netbsd
as owner 5503. ;)

Other than that, I've completely installed 4 servers from 1.4.1
to 1.4.2 serving various services.  DNS, mail, ftp, apache, samba,
ipf, ipnat.  All are working flawlessly so far (crossing my fingers).
I've compiled numerous kernels from the source without a hitch.
One P60 we ran the upgrade from 1.4.1 and 1.4.2 and that server 
is working great as well.  Looks really good guys!

Best regards,
Steve Paul
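
Added example, not part of the original message: a small Python model of the ordering the message asks about, assuming IPFilter's documented behaviour that inbound packets pass through ipnat before ipf, so the filter sees the translated destination. The rdr and the port-2000 block come from the message; the packet, the default-pass assumption and the rule on the translated address are constructed for illustration.

```python
from dataclasses import dataclass, replace
from typing import Optional

@dataclass(frozen=True)
class Packet:
    iface: str
    dst_ip: str
    dst_port: int

@dataclass(frozen=True)
class Rdr:      # rdr <iface> 0/0 port <port> -> <to_ip> port <to_port>
    iface: str
    port: int
    to_ip: str
    to_port: int

@dataclass(frozen=True)
class Block:    # block in quick from any to <dst_ip or any> port = <port>
    port: int
    dst_ip: Optional[str] = None    # None stands for "any"

def apply_rdr(pkt, rdrs):
    """Inbound NAT step: rewrite the destination on the first matching rdr."""
    for r in rdrs:
        if pkt.iface == r.iface and pkt.dst_port == r.port:
            return replace(pkt, dst_ip=r.to_ip, dst_port=r.to_port)
    return pkt

def filter_in(pkt, blocks):
    """Inbound filter step: the first matching 'quick' block wins."""
    for b in blocks:
        if pkt.dst_port == b.port and b.dst_ip in (None, pkt.dst_ip):
            return "block"
    return "pass"   # assumption: the kernel is built default-pass

def inbound(pkt, rdrs, blocks):
    """Assumed order for inbound traffic: ipnat first, then ipf."""
    translated = apply_rdr(pkt, rdrs)
    return filter_in(translated, blocks), translated

RDRS = [Rdr("de0", 2000, "10.0.0.1", 25)]    # rdr from the message
BLOCK_2000 = [Block(2000)]                   # ipf block from the message
BLOCK_TRANSLATED = [Block(25, "10.0.0.1")]   # constructed: matches post-NAT dst
PKT = Packet("de0", "192.0.2.1", 2000)       # constructed inbound packet

if __name__ == "__main__":
    print(inbound(PKT, RDRS, BLOCK_2000))        # filter sees port 25, no match
    print(inbound(PKT, RDRS, BLOCK_TRANSLATED))  # rule on translated dst matches
    print(inbound(PKT, [], BLOCK_2000))          # without the rdr the block hits
```

Under that ordering a block meant to cover redirected traffic has to be written against the post-translation address and port.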