Mike C. | 19 Jun 2012 02:40

Netbsd 6 NPF npfctl stats and logging


Hi all,

I've been testing with NPF, but since I could not find much
documentation except the man pages I have some doubts.

First, in case this changes anything, I'd like to mention that I'm testing
this on a NetBSD 6.0 BETA 2 Xen domU.

I've recompiled the kernel adding npf support but I can't seem to get
the logging working, nor do I see anything in npfctl stats.

npfctl stats      
Packets passed:
        0 default pass
        0 ruleset pass
        0 session pass

Packets blocked:
        0 default block
        0 ruleset block

Session and NAT entries:
        0 session allocations
        0 session destructions
        0 NAT entry allocations
        0 NAT entry destructions

Invalid packet state cases:
        0 cases in total

Mindaugas Rasiukevicius | 19 Jun 2012 13:18

Re: Netbsd 6 NPF npfctl stats and logging

Hello,

"Mike C." <miguelmclara <at> gmail.com> wrote:
> I've been testing with NPF, but since I could not find much
> documentation except the man pages I have some doubts.
> 
> ...
> 
> And if I may add another question, I get this error:
> # npfctl reload

Did you run "npfctl start" after (re)load?

> 
> /etc/npf.conf:15:47: multiple addresses are not valid near '$ext_if'
> 
> what's the correct syntax in this case? I've tried:

It should be clarified, but the reason is that $ext_if has multiple IP
addresses (if IPv6 is enabled, that is already the case).  Therefore, NPF
does not know which address to use for the translation.  Try to specify
the address explicitly.  A more convenient way to select some address of
an interface would be useful (suggestions for syntax are welcome).

Note that the syntax has changed in -current (they will also appear in
netbsd-6 once the changes are pulled up).  Check the man page for the
changes.  Your NAPT rule would be the following (where $nataddr is your
external/translation address):


Mike | 19 Jun 2012 14:26

Re: Netbsd 6 NPF npfctl stats and logging

On 19-06-2012 12:18, Mindaugas Rasiukevicius wrote:
> Hello,
> 
> "Mike C." <miguelmclara <at> gmail.com> wrote:
>> I've been testing with NPF, but since I could not find much
>> documentation except the man pages I have some doubts.
>>
>> ...
>>
>> And if I may add another question, I get this error:
>> # npfctl reload
> 
> Did you run "npfctl start" after (re)load?
>

I did and it didn't work; now I'm getting a kernel panic when starting
it. I guess I should wait for the changes on netbsd-6 or try this on
current.

>>
>> /etc/npf.conf:15:47: multiple addresses are not valid near '$ext_if'
>>
>> what's the correct syntax in this case? I've tried:
> 
> It should be clarified, but the reason is that $ext_if has multiple IP
> addresses (if IPv6 is enabled, that is already the case).  Therefore, NPF
> does not know which address to use for the translation.  Try to specify
> the address explicitly.  A more convenient way to select some address of
> an interface would be useful (suggestions for syntax are welcome).

