From owner-freebsd-bugs  Tue May  9 15:50: 5 2000
Delivered-To: freebsd-bugs@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21])
	by hub.freebsd.org (Postfix) with ESMTP id D527437BAB8
	for <freebsd-bugs@FreeBSD.org>; Tue,  9 May 2000 15:50:03 -0700 (PDT)
	(envelope-from gnats@FreeBSD.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.9.3/8.9.2) id PAA49042;
	Tue, 9 May 2000 15:50:03 -0700 (PDT)
	(envelope-from gnats@FreeBSD.org)
Date: Tue, 9 May 2000 15:50:03 -0700 (PDT)
Message-Id: <200005092250.PAA49042@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
Cc: 
From: Brian Somers <brian@Awfulhak.org>
Subject: Re: bin/18354: NATD diverts DMZ packets to firewall host 
Reply-To: Brian Somers <brian@Awfulhak.org>
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

The following reply was made to PR bin/18354; it has been noted by GNATS.

From: Brian Somers <brian@Awfulhak.org>
To: goran.lowkrantz@infologigruppen.se
Cc: freebsd-gnats-submit@FreeBSD.org,
	Brian Somers <brian@awfulhak.org>, Ruslan Ermilov <ru@FreeBSD.org>,
	Charles Mott <cmott@scientech.com>, Eivind Eklund <perhaps@yes.no>,
	Ari Suutari <ari@suutari.iki.fi>
Subject: Re: bin/18354: NATD diverts DMZ packets to firewall host 
Date: Tue, 09 May 2000 23:41:01 +0100

 > >Number:         18354
 > >Category:       bin
 > >Synopsis:       NATD diverts DMZ packets to firewall host
 
 This is happening because I changed the libalias(3) default so that 
 it drops packets from outside to inside on the gateway by default 
 rather than passing them into the (private) internal network.  This 
 behaviour can be altered using PacketAliasSetTarget().  IMHO this is 
 what people expect and is what the documentation indicated was the 
 intention.
 
 When I sent a patch to Ruslan (cc'd) adding a -t option to natd, he 
 pointed out that natd's documentation clearly doesn't expect this to 
 happen.
 
 We decided to ask about the original intentions and decide what to do 
 based on the outcome, but haven't received a reply from Charles (cc'd 
 as a gentle poke) yet.
 
 So, this is in limbo.  At the moment, there's no way to get the old 
 behaviour (maybe we should add the -t switch in the interim - Ruslan, 
 have you still got that patch?  Or if you don't want to do that, 
 perhaps we should just do a PacketAliasSetTarget(INADDR_ANY) in 
 natd.c for now).
 -- 
 Brian <brian@Awfulhak.org>                        <brian@[uk.]FreeBSD.org>
       <http://www.Awfulhak.org>                   <brian@[uk.]OpenBSD.org>
 Don't _EVER_ lose your sense of humour !
 
 
 


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message