Date:      Tue, 22 Sep 1998 19:40:02 -0700 (PDT)
From:      Drew Derbyshire <ahd@kew.com>
To:        freebsd-bugs@FreeBSD.ORG
Subject:   Re: conf/7989: if we enable firewall and natd we losing connectivity after rc.firewall and before natd start
Message-ID:  <199809230240.TAA28796@freefall.freebsd.org>

The following reply was made to PR conf/7989; it has been noted by GNATS.

From: Drew Derbyshire <ahd@kew.com>
To: freebsd-gnats-submit@freebsd.org
Cc: igor@zynaps.ru
Subject: Re: conf/7989: if we enable firewall and natd we losing connectivity after rc.firewall and before natd start
Date: Tue, 22 Sep 1998 22:00:08 -0400 (EDT)

 The following patch corrects the problem of daemons (in particular,
 ntpdate) not having early access to the network through natd.  natd
 is now invoked as the first daemon before named and ntpdate.  As
 natd now precedes named, natd can only use host names in /etc/hosts.
 (Since most invocations of natd use no host names at all and ntpdate
 always does, this is a reasonable trade-off.)
 
 I'm of the opinion that the entire natd/named/ipfw interaction
 needs to be revamped to reduce the data passed through natd (data
 between remote systems and high volume local ports such as SMTP
 and HTTP should not get a free trip through natd) and to allow most
 rc.firewall rules to use named (by opening the firewall early to
 port 53 and then starting named), but that would require a full
 rework of rc.firewall and rc.network, and is well beyond the scope
 of this patch...
 
 *** rc.network.old	Tue Sep 22 21:22:14 1998
 --- rc.network	Tue Sep 22 21:23:30 1998
 ***************
 *** 155,160 ****
 --- 155,166 ----
   
   network_pass2() {
       echo -n 'Doing additional network setup:'
 + 
 +     # Network Address Translation daemon
 +     if [ "X${natd_enable}" = X"YES" -a "X${natd_interface}" != X"" -a "X${firewall_enable}" = X"YES" ]; then
 +             echo -n ' natd'; natd ${natd_flags} -n ${natd_interface}
 +     fi
 + 
       if [ "X${named_enable}" = X"YES" ]; then
   	    echo -n ' named';		${named_program-"named"} ${named_flags}
       fi
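Review bot: the natd stanza added at the top of network_pass2 does not say why it has to sit ahead of named, so a later cleanup could move it back down and reopen the gap. Suggest extending the "# Network Address Translation daemon" comment to state that natd must start before named and ntpdate, and that host names in natd_flags can therefore resolve only through /etc/hosts. As smaller points, ${natd_interface} is passed to -n unquoted, and the added lines are indented with spaces while the named stanza just below uses a tab.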
 ***************
 *** 255,265 ****
       # IP multicast routing daemon
       if [ "X${mrouted_enable}" = X"YES" ]; then
   	    echo -n ' mrouted'; mrouted ${mrouted_flags}
 -     fi
 - 
 -     # Network Address Translation daemon
 -     if [ "X${natd_enable}" = X"YES" -a "X${natd_interface}" != X"" -a "X${firewall_enable}" = X"YES" ]; then
 -             echo -n ' natd'; natd ${natd_flags} -n ${natd_interface}
       fi
   
       echo '.'
 --- 261,266 ----
