Subject: Re: ipf and ipnat and unrelated 1.4.2 Observations
To: Steve <stevep@mccue.com>
From: Manuel Bouyer <bouyer@antioche.lip6.fr>
List: port-i386
Date: 04/12/2000 10:33:05
On Tue, Apr 11, 2000 at 12:50:23PM -0700, Steve wrote:
> Greetings, two things:
> 
> IPF/IPNAT-
> Although not specifically port-i386 specific, is there
> any documentation on ordering of ipf and ipnat?
> 
> It appears ipnat is layered below ipf, such that
> rdr's placed in ipnat bypass any blocks set in
> ipf.  Is this the implemented architecture?
> such that ipnat: rdr de0 0/0 port 2000 -> 10.0.0.1 port 25
> overrides ipf:
> block in log quick from any to any port = 2000
> block out log quick from any port = 2000 to any 

Yes, this is true. You have to block port 25 instead.

> 
> 1.4.2-
> My observations are as follows:
> - rl0 support is fantastic.  This truly makes NetBSD a 
> reality for running in professional environments.  Words 
> can not describe how relieving it is to know that a smoked
> 100base NIC can now be replaced by running to a
> local dealer to get a new card.  My much coveted
> rack of 2-3 Netgears no longer requires hellhounds to
> guard or penalty of death for taking one for non BSD use. ;)
> 
> - install.  When starting the network, can the timeout
> be increased?  I can never get a net install to work as
> the ping times out before most cards init.  If I ctrl-Z and
> ifconfig/ping, it might be 10-15 seconds before the
> ping replies start and work.  I'd suggest changing the ping 
> options for dns and gateway timeout up to like 30 seconds.
> For the installs I have performed, I had to ctrl-z, ifconfig/ping
> then ifconfig delete, fg and try again over and over.  After about
> the 3rd or 4th try, the card inits faster and it gets by this.

What kind of network hardware do you have?
I've seen this with Cisco switches, which take a long time to
init when the link comes up. Disabling a few fancy discovery protocols on the
Cisco solved the problem.
But I agree, sysinst could be smarter for such cases.

--
Manuel Bouyer, LIP6, Universite Paris VI.           Manuel.Bouyer@lip6.fr
--
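
The ordering discussed in this thread, as an added example that is not part of the original messages and is not IPFilter code: a simplified Python model of the inbound path, where the ipnat rdr rewrites the destination before the ipf rules are evaluated. The class and function names, the sample source packet and the default-pass policy are assumptions made for the illustration.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    iface: str
    dst_ip: str
    dst_port: int

@dataclass(frozen=True)
class Rdr:
    # Models: rdr <iface> 0/0 port <port> -> <to_ip> port <to_port>
    iface: str
    port: int
    to_ip: str
    to_port: int

def apply_rdr(pkt, rdrs):
    """Inbound step 1: ipnat rewrites the destination before ipf sees the packet."""
    for r in rdrs:
        if pkt.iface == r.iface and pkt.dst_port == r.port:
            return replace(pkt, dst_ip=r.to_ip, dst_port=r.to_port)
    return pkt

def filter_in(pkt, blocked_ports):
    """Inbound step 2: models 'block in quick ... port = N'; default is pass (assumed)."""
    return "block" if pkt.dst_port in blocked_ports else "pass"

def inbound(pkt, rdrs, blocked_ports):
    """Return (verdict, packet as the filter saw it)."""
    translated = apply_rdr(pkt, rdrs)
    return filter_in(translated, blocked_ports), translated

RDRS = [Rdr("de0", 2000, "10.0.0.1", 25)]     # the rdr quoted in the thread
PKT = Packet("de0", "192.0.2.10", 2000)       # constructed sample packet
DIRECT = Packet("de0", "10.0.0.1", 25)        # constructed: sent straight to port 25

if __name__ == "__main__":
    # Block written against the pre-translation port: never matches.
    print(inbound(PKT, RDRS, {2000}))
    # Block written against the post-translation port: matches.
    print(inbound(PKT, RDRS, {25}))
    # The port 25 block also catches traffic that was never redirected.
    print(inbound(DIRECT, RDRS, {25}))
```

The last case is the caveat to check when moving the block to port 25: the rule no longer distinguishes redirected traffic from traffic sent to port 25 directly.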