This is a discussion on Re: ipfilter & NAT on Solaris 9 using sppp0 interface (pfil 2.1.6, ipfilter within the IPFilter forums, part of the System Security and Security Related category.
> On Tue, Aug 09, 2005 at 06:50:48AM +1000, Darren Reed wrote:
...
> Ah. Sure enough, this seems to cause the modinsert to happen
> automagically when the sppp0 interface is created. (Where do I
> read to find out more about /etc/opt/pfil/iu.ap?)

Read the man page for autopush.

> There's still one lingering issue -- but I haven't ruled out some other
> mistake on my part, so I'm not going to call this a bug. After rebooting
> and re-establishing the PPP connection, and running "ipf -y", the
> firewall rules seem to work...but not NAT. Flushing those ("ipnat -FC")
> and reloading them ("ipnat -f ipnat.conf") seems to make them work again.

I believe your problems will be due to this code in fil.c:

    # if !SOLARIS
            fr_natsync(ifp);
            fr_statesync(ifp);
    # endif

...sigh, I never put in a comment about why I did that, but I believe
it was due to NAT/state sessions being interrupted because of constant
(or at least frequent) name changes due to the way it picked up interface
names. It should now be (theoretically) safe to remove the #if.

Darren