From owner-freebsd-bugs Wed May 10 4:10:12 2000
Delivered-To: freebsd-bugs@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21])
    by hub.freebsd.org (Postfix) with ESMTP id AEB0337B643
    for ; Wed, 10 May 2000 04:10:07 -0700 (PDT)
    (envelope-from gnats@FreeBSD.org)
Received: (from gnats@localhost)
    by freefall.freebsd.org (8.9.3/8.9.2) id EAA51001;
    Wed, 10 May 2000 04:10:07 -0700 (PDT)
    (envelope-from gnats@FreeBSD.org)
Date: Wed, 10 May 2000 04:10:07 -0700 (PDT)
Message-Id: <200005101110.EAA51001@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
Cc:
From: Ruslan Ermilov
Subject: Re: bin/18354: NATD diverts DMZ packets to firewall host
Reply-To: Ruslan Ermilov
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

The following reply was made to PR bin/18354; it has been noted by GNATS.

From: Ruslan Ermilov
To: Brian Somers
Cc: goran.lowkrantz@infologigruppen.se, freebsd-gnats-submit@FreeBSD.org,
    Charles Mott, Eivind Eklund, Ari Suutari
Subject: Re: bin/18354: NATD diverts DMZ packets to firewall host
Date: Wed, 10 May 2000 13:59:09 +0300

On Tue, May 09, 2000 at 11:41:01PM +0100, Brian Somers wrote:
> > >Number: 18354
> > >Category: bin
> > >Synopsis: NATD diverts DMZ packets to firewall host
>
> This is happening because I changed the libalias(3) default so that
> it drops packets from outside to inside on the gateway by default
> rather than passing them into the (private) internal network. This
> behaviour can be altered using PacketAliasSetTarget(). IMHO this is
> what people expect and is what the documentation indicated was the
> intention.
>
> When I sent a patch to Ruslan (cc'd) adding a -t option to natd, he
> pointed out that natd's documentation clearly doesn't expect this to
> happen.
>
> We decided to ask about the original intentions and decide what to do
> based on the outcome, but haven't received a reply from Charles (cc'd
> as a gentle poke) yet.
> But have managed to MFC the libalias(3) bits :)
>
> So, this is in limbo. At the moment, there's no way to get the old
> behaviour (maybe we should add the -t switch in the interim - Ruslan,
> have you still got that patch? Or if you don't want to do that,
> perhaps we should just do a PacketAliasSetTarget(INADDR_ANY) in
> natd.c for now).
>

I will add a PacketAliasSetTarget(INADDR_ANY) call today.

--
Ruslan Ermilov          Sysadmin and DBA of the
ru@ucb.crimea.ua        United Commercial Bank,
ru@FreeBSD.org          FreeBSD committer,
+380.652.247.647        Simferopol, Ukraine

http://www.FreeBSD.org  The Power To Serve
http://www.oracle.com   Enabling The Information Age