openbsd-misc

Re: network problems "bad host (xl0) -can't resolve hostname: xl0"

To: Tom Van de Wiele <tosh@securax.org>
Subject: Re: network problems "bad host (xl0) -can't resolve hostname: xl0"
From: "J.C. Roberts" <unknown@abac.com>
Date: Wed, 28 Feb 2001 06:15:24 -0800
Cc: misc@openbsd.org
In-reply-to: <voqp9t0c7056enimvummh9k717tqqhkpvk@4ax.com>
Organization: None
References: <voqp9t0c7056enimvummh9k717tqqhkpvk@4ax.com>
Reply-to: unknown@abac.com
Sender: owner-misc@openbsd.org
On Wed, 28 Feb 2001 04:26:54 -0800, you wrote:

>On Thu, 22 Feb 2001 13:37:56 +0100, you wrote:
>>Hi
>>
>>I'm having some problems with my network.  My outside interface is xl0
>>and my interface for my lan is rl0.  I use NAT to get my network on
>>the net.
>>
>>When my ipf.rules gets loaded at boottime I get several:
>>
>>"bad host (xl0)
>>can't resolve hostname: xl0"
>>
>>my ipf.rules is:
>>[cut]
>>pass in from any to any
>>pass out from any to any
>>pass out quick on xl0 proto udp from any to any port 21000 >< 21400
>>pass out on xl0 proto icmp from any to any keep state
>>
>>block in log quick on xl0 proto tcp from any to xl0/32 port = 6000
>>[cut]
>>
>
>I think I've figured out the cause but I still haven't found the
>solution. The "bad host/can't resolve" error is being caused by ipf on
>the "xl0/32" in the last rule... I'm having the same problem over
>here.
>
>Another thing it could be is my NAT rules. My external (internet)
>interface is xl0 and my internal LAN interface is xl1.
><ipnat.rules>
>map xl0 xl1/24 -> xl0/32 portmap tcp/udp 10000:20000
>map xl0 xl1/24 -> xl0/32
></ipnat.rules>
>
>Everything runs perfectly if I run
># ipf -Fa -f /etc/ipf.rules
>
>But after booting nothing works and I'm getting the same errors you
>are... Something needs to load prior to IPF/NAT that resolves the
>device names to their IP addresses but I don't know what that
>something is...
>
>Best Regards,
>
>J.C. Roberts
>


I found a workaround. It probably isn't the best or even correct way
to deal with it but it works. In the /etc/netstart file you'll find
the following:

------------------------------------------------------------------
# Configure the IP filter before configuring network interfaces
if [ X"${ipfilter}" = X"YES" -a -f "${ipfilter_rules}" ]; then
        echo 'configuring IP filter'
        ipf -Fa -f ${ipfilter_rules}
else
        ipfilter=NO
fi
------------------------------------------------------------------

If you _COPY_ this section to the end of the file, it runs the ipf
initialization a second time after the "hostnames" or better said
device names have been set up. I doubt you want to _MOVE_ the section
to the end because then your interfaces would be unprotected as they
initialize. You'll still see all the error messages but it will work.

If there is a better way to do this, I hope someone chimes in with it
but until then, this will work.


Best Regards,

J.C. Roberts
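
An added example, not part of the original message or of OpenBSD's scripts: a small sh/awk check that lists the ipf or ipnat rule lines using an interface name where an address is expected (the "xl0/32" form this thread ties to the "bad host" error), so you can see which rules depend on the second load. The function name and the caller-supplied interface list are assumptions; the sample input is the rule set quoted in this thread.

```shell
#!/bin/sh
# Added example. find_ifaddr_rules is a hypothetical helper name.
#
# find_ifaddr_rules "IFACE1 IFACE2 ..." < rules-file
#   Prints "lineno: rule" for every rule that uses an interface name
#   as an address (after from/to/->, or with a /mask suffix).
find_ifaddr_rules() {
    awk -v ifaces="$1" '
    BEGIN { n = split(ifaces, names, " ") }
    /^[ \t]*#/ || NF == 0 { next }      # skip comments and blank lines
    {
        for (i = 1; i <= NF; i++) {
            tok = $i
            sub(/\/[0-9]+$/, "", tok)   # strip a trailing /mask, if any
            for (j = 1; j <= n; j++) {
                if (tok != names[j]) continue
                # "on xl0" names the interface itself and is fine.
                # With a /mask, or after from/to/->, the name stands
                # for an address that must be resolved at load time.
                if (tok != $i || (i > 1 && ($(i-1) == "from" ||
                    $(i-1) == "to" || $(i-1) == "->"))) {
                    printf "%d: %s\n", NR, $0
                    next
                }
            }
        }
    }'
}

# Sample input: the ipf.rules lines quoted in this thread.
sample_rules() {
    cat <<'EOF'
pass in from any to any
pass out from any to any
pass out quick on xl0 proto udp from any to any port 21000 >< 21400
pass out on xl0 proto icmp from any to any keep state
block in log quick on xl0 proto tcp from any to xl0/32 port = 6000
EOF
}

# Demo: only the last rule depends on the address of xl0.
sample_rules | find_ifaddr_rules "xl0 rl0"
```

In the sample, the only rule flagged is the block rule, while the two pass-all rules carry no interface address at all.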
