From owner-freebsd-bugs  Wed May 10  4:10:15 2000
Delivered-To: freebsd-bugs@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21])
	by hub.freebsd.org (Postfix) with ESMTP id BFB5637B69C
	for <freebsd-bugs@FreeBSD.org>; Wed, 10 May 2000 04:10:08 -0700 (PDT)
	(envelope-from gnats@FreeBSD.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.9.3/8.9.2) id EAA51006;
	Wed, 10 May 2000 04:10:08 -0700 (PDT)
	(envelope-from gnats@FreeBSD.org)
Date: Wed, 10 May 2000 04:10:08 -0700 (PDT)
Message-Id: <200005101110.EAA51006@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
Cc: 
From: Ruslan Ermilov <ru@FreeBSD.org>
Subject: Re: bin/18354: NATD diverts DMZ packets to firewall host
Reply-To: Ruslan Ermilov <ru@FreeBSD.org>
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

The following reply was made to PR bin/18354; it has been noted by GNATS.

From: Ruslan Ermilov <ru@FreeBSD.org>
To: "Lowkrantz, Goran" <Goran.Lowkrantz@infologigruppen.se>
Cc: "'Brian Somers'" <brian@Awfulhak.org>,
	freebsd-gnats-submit@FreeBSD.org, Charles Mott <cmott@scientech.com>,
	Eivind Eklund <perhaps@yes.no>, Ari Suutari <ari@suutari.iki.fi>
Subject: Re: bin/18354: NATD diverts DMZ packets to firewall host
Date: Wed, 10 May 2000 14:06:24 +0300

 On Wed, May 10, 2000 at 08:40:43AM +0200, Lowkrantz, Goran wrote:
 > 
 > OK. I understand. But I can't read this behavior from natd(8), as the 3d
 > para don't mension what happens if no match is found or the IP isn't that of
 > the firewall IF. If the current behavior is the intended, then it should be
 > documented. And as it's a change in behavior, somthing should be said about
 > it in the release notes. Was this patch given a HEADS UP?
 > 
 > May I suggest somthing like this for natd(8)?
 > 
 > Description - add to 3d para
 > 
 > If no entry is found or the target IP is not the current machine, the packet
 > is modified to the IP number of the current machine.
 > 
 The correct behaviour is already documented (see the -a option's description):
 
 : If no other action can be made, and if -deny_incoming is not specified,
 : the packet is delivered to the local machine and port as specified in
 : the packet.
 
 I will restore this behaviour in a day or two.
 
 
 Cheers,
 -- 
 Ruslan Ermilov		Sysadmin and DBA of the
 ru@ucb.crimea.ua	United Commercial Bank,
 ru@FreeBSD.org		FreeBSD committer,
 +380.652.247.647	Simferopol, Ukraine
 
 http://www.FreeBSD.org	The Power To Serve
 http://www.oracle.com	Enabling The Information Age
 


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message