Date: Tue, 22 Sep 1998 19:40:02 -0700 (PDT)
From: Drew Derbyshire <ahd@kew.com>
To: freebsd-bugs@FreeBSD.ORG
Subject: Re: conf/7989: if we enable firewall and natd we losing connectivity after rc.firewall and before natd start
Message-ID: <199809230240.TAA28796@freefall.freebsd.org>
The following reply was made to PR conf/7989; it has been noted by GNATS.

From: Drew Derbyshire <ahd@kew.com>
To: freebsd-gnats-submit@freebsd.org
Cc: igor@zynaps.ru
Subject: Re: conf/7989: if we enable firewall and natd we losing connectivity after rc.firewall and before natd start
Date: Tue, 22 Sep 1998 22:00:08 -0400 (EDT)

The following patch corrects the problem of daemons (in particular, ntpdate) not having early access to the network through natd. natd is now invoked as the first daemon, before named and ntpdate.

As natd now precedes named, natd can only use host names in /etc/hosts. (Since most invocations of natd use no host names at all and ntpdate always does, this is a reasonable trade-off.)

I'm of the opinion that the entire natd/named/ipfw interaction needs to be revamped to reduce the data passed through natd (data between remote systems and high-volume local ports such as SMTP and HTTP should not get a free trip through natd) and to allow most rc.firewall rules to use named (by opening the firewall early to port 53 and then starting named), but that would require a full rework of rc.firewall and rc.network, and is well beyond the scope of this patch...
*** rc.network.old Tue Sep 22 21:22:14 1998 --- rc.network Tue Sep 22 21:23:30 1998 *************** *** 155,160 **** --- 155,166 ---- network_pass2() { echo -n 'Doing additional network setup:' + + # Network Address Translation daemon + if [ "X${natd_enable}" = X"YES" -a "X${natd_interface}" != X"" -a "X${firewall_enable}" = X"YES" ]; then + echo -n ' natd'; natd ${natd_flags} -n ${natd_interface} + fi + if [ "X${named_enable}" = X"YES" ]; then echo -n ' named'; ${named_program-"named"} ${named_flags} fi *************** *** 255,265 **** # IP multicast routing daemon if [ "X${mrouted_enable}" = X"YES" ]; then echo -n ' mrouted'; mrouted ${mrouted_flags} - fi - - # Network Address Translation daemon - if [ "X${natd_enable}" = X"YES" -a "X${natd_interface}" != X"" -a "X${firewall_enable}" = X"YES" ]; then - echo -n ' natd'; natd ${natd_flags} -n ${natd_interface} fi echo '.' --- 261,266 ----
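Review bot: the added natd block in the first hunk (the `+` lines in the 155,166 range of network_pass2) now runs before named, so any host name in natd_flags or natd_interface must be resolvable from /etc/hosts; the cover letter says this, but the script does not. Suggest documenting it in the comment that the hunk adds, e.g. `# Network Address Translation daemon (started before named: host names here must be in /etc/hosts)`, so a later edit does not reintroduce a DNS dependency at this point in the boot. The guard condition itself is carried over unchanged from the removed block in the second hunk (natd still requires natd_enable, a non-empty natd_interface and firewall_enable all set), so the only behavioural change is the start order within network_pass2; whether that also closes the window named in the PR subject, between rc.firewall loading its rules and natd starting, depends on where rc.firewall is invoked relative to network_pass2, which is not visible in these hunks and is worth stating explicitly in the PR follow-up.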