From owner-freebsd-bugs@FreeBSD.ORG Fri Jun 25 16:20:05 2010
Message-Id: <201006251616.o5PGGkYQ098382@www.freebsd.org>
Date: Fri, 25 Jun 2010 16:16:46 GMT
From: David Naylor
To: freebsd-gnats-submit@FreeBSD.org
Subject: conf/148144: [patch] add ipfw_nat support for rc.firewall simple type
X-Send-Pr-Version: www-3.1
X-BeenThere: freebsd-bugs@freebsd.org

>Number: 148144
>Category: conf
>Synopsis: [patch] add ipfw_nat support for rc.firewall simple type
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Fri Jun 25 16:20:03 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator: David Naylor
>Release: FreeBSD-9
>Organization: Private
>Environment:
FreeBSD dragon.dg 9.0-CURRENT FreeBSD 9.0-CURRENT #0: Sat Jun 19 19:08:38 SAST 2010 root@dragon.dg:/tmp/home/freebsd9/src/sys/DRAGON amd64
>Description:
rc.firewall includes support for freebsd_nat_enable but it appears omitted in the "simple" firewall type. The attached patch adds such support. I have used this change for a while to provide support for NAT on my server.
>How-To-Repeat:
n/a
>Fix:
n/a

Patch attached with submission follows:

--- rc.firewall~ 2010-06-25 18:10:42.000000000 +0200 +++ rc.firewall 2010-06-25 18:11:16.000000000 +0200 
@@ -318,6 +318,21 @@ fi ;; esac + case ${firewall_nat_enable} in + [Yy][Ee][Ss]) + if [ -n "${firewall_nat_interface}" ]; then + if echo "${firewall_nat_interface}" | \ + grep -q -E '^[0-9]+(\.[0-9]+){0,3}$'; then + firewall_nat_flags="ip ${firewall_nat_interface} ${firewall_nat_flags}" + else + firewall_nat_flags="if ${firewall_nat_interface} ${firewall_nat_flags}" + fi + ${fwcmd} nat 123 config log ${firewall_nat_flags} + ${fwcmd} add nat 123 ip4 from any to any via ${firewall_nat_interface} + fi + ;; + esac + # Stop RFC1918 nets on the outside interface ${fwcmd} add deny all from 10.0.0.0/8 to any via ${oif} >Release-Note: >Audit-Trail: >Unformatted:
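Review bot: the added `${fwcmd} add nat 123 ip4 from any to any via ${firewall_nat_interface}` rule keys on `firewall_nat_interface`, while the RFC1918 deny rule in the trailing context keys on `${oif}`, and nothing in the hunk ties the two together. If they name different interfaces, translation happens on an interface that this address-checking rule does not cover. Either check that `firewall_nat_interface` matches `${oif}` before adding the rule, or add a comment stating that the simple type expects them to be the same. Two smaller points in the same block: the test `grep -q -E '^[0-9]+(\.[0-9]+){0,3}$'` also accepts a bare number or out-of-range octets such as 999.999 and passes them on as `ip ...`, so a stricter pattern or a comment about the accepted forms would help; and the instance number 123 and the unconditional `log` in `nat 123 config log` are hard-coded with no comment explaining the choice or how to override it.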