Solved IPNAT error with FreeBSD 10.1

I am updating my firewall from version 9.2 to 10.1 (r285871). It is a new installation on new hardware using current versions of the same programs as on the existing firewall. Everything seems fine except IPNAT. When I try to check #ipnat -lh it returns
Code:
70:ioctl(SIOGNATS) object size mismatch for copying out ipfobj
Has someone seen this and have a solution?
 
What do file /bin/sh, uname -a, and freebsd-version say? The mismatch seems more like an incomplete upgrade and a mismatch between kernel and userland components than a firewall issue, but let's see if we can rule that out with the output of those commands.
 
I think you may be correct about the incomplete upgrade. But, as I said, this is a fresh install on new hardware so the problem is in the source tree.

However, I found the problem had already been reported in Bugzilla:
(Bug 190964 - [ipf] ipnat doesn't work without INET6 kernel option)
If IPv6 is not being used, comment #13 provides the solution.

Thanks.
 
My apologies. I read the comment about upgrading 9.2 to 10.1 but my eyes skipped right past the "new installation". That was a bad assumption on my part. Thanks for the pointer to the PR on the topic. Did that comment in the PR resolve the issue? A brief read through the comments makes it seem like there were additional commits to address it.
 
Did that comment in the PR resolve the issue? A brief read through the comments makes it seem like there were additional commits to address it.
Yes. At least it did for 10.1. Apparently the additional commits that were required were submitted in time to be included in the 10.1-RELEASE.
 
This may be the wrong forum. But now that IPNAT is working, I have found another problem. It appears to be ongoing and has been discussed in at least these threads:

https://forums.FreeBSD.org/threads/ipnat-goes-slow-on-freebsd-10-1-release-p5.50432/
https://forums.FreeBSD.org/threads/...lems-getting-worse-as-uptime-increases.50618/

I seem to have the same problem - after ~24 hours of uptime, connections through the firewall fail to establish and existing connections slow drastically due to retries.
 
I am updating my firewall from version 9.2 to 10.1 (r285871). It is a new installation on new hardware using current versions of the same programs as on the existing firewall. Everything seems fine except IPNAT. When I try to check #ipnat -lh it returns
Code:
70:ioctl(SIOGNATS) object size mismatch for copying out ipfobj
Has someone seen this and have a solution?
I experienced this error on FreeBSD 11.1 (i386). This was on new hardware, and my first installation of 11.1. I worked around the problem by commenting out the <options IPSEC> line in the kernel configuration. I added <options IPFILTER> and <options IPFILTER_LOG> in the same file. So far the natting is working as expected.