Message-Id: <200208200146.g7K1kdfB041565@www.freebsd.org>
Date: Mon, 19 Aug 2002 18:46:39 -0700 (PDT)
From: Jed Clear
To: freebsd-gnats-submit@FreeBSD.org
Subject: docs/41807: natd -punch_fw "bug"
Sender: owner-freebsd-doc@FreeBSD.ORG

>Number:         41807
>Category:       docs
>Synopsis:       natd -punch_fw "bug"
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-doc
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          doc-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Aug 19 18:50:01 PDT 2002
>Closed-Date:
>Last-Modified:
>Originator:     Jed Clear
>Release:        4.5-RELEASE-p19
>Organization:
Dis-
>Environment:
FreeBSD fbsdk6 4.5-RELEASE-p19 FreeBSD 4.5-RELEASE-p19 #12: Mon Aug 19 19:18:43 EDT 2002 root@fbsdk6:/usr/obj/usr/src/sys/K6 i386
>Description:
The natd option -punch_fw won't work with kernel securelevel 3.
This is really a feature of securelevel 3.
>How-To-Repeat:
Set up working natd -punch_fw at securelevel 2 or lower on the firewall
Go to securelevel 3
Attempt active FTP from client inside to outside, fails.
>Fix:
"Fix" is to add a note to the natd man page under the -punch_fw option that securelevel 3 will disable punch_fw.

Long term: If ipfw can add dynamic "keep-state" routes in securelevel 3, why can't the NAT function? Note I didn't say natd here.
>Release-Note:
>Audit-Trail:
>Unformatted:
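
A configuration check for the conflict this report describes, added here as an example and not part of the original report or of FreeBSD: it reads an rc.conf-style file and flags natd -punch_fw combined with kern_securelevel 3 or higher. The function names, the sample file, its interface name and the 2000:100 rule range are constructed for illustration.

```shell
#!/bin/sh
# Added example: detect natd -punch_fw configured together with securelevel >= 3.

# rc_value FILE VAR: print the last value assigned to VAR in an rc.conf-style file.
rc_value() {
    sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([^\"'#]*\).*\$/\1/p" "$1" | tail -n 1
}

# check_punch_fw FILE: return 1 if natd's punch_fw rules would be refused at the
# configured securelevel, 0 otherwise. Only natd_flags is inspected; options
# placed in a separate natd configuration file are not covered by this check.
check_punch_fw() {
    conf=$1
    natd_on=$(rc_value "$conf" natd_enable)
    flags=$(rc_value "$conf" natd_flags)
    level_on=$(rc_value "$conf" kern_securelevel_enable)
    level=$(rc_value "$conf" kern_securelevel)

    case "$natd_on" in [Yy][Ee][Ss]) ;; *) return 0 ;; esac
    case "$flags" in *punch_fw*) ;; *) return 0 ;; esac
    case "$level_on" in [Yy][Ee][Ss]) ;; *) return 0 ;; esac
    case "$level" in ''|*[!0-9]*) return 0 ;; esac   # unset or negative level

    if [ "$level" -ge 3 ]; then
        echo "$conf: natd -punch_fw is set but kern_securelevel=$level;" \
             "the firewall rules it needs cannot be added" >&2
        return 1
    fi
    return 0
}

# make_sample FILE LEVEL: write a constructed rc.conf fragment for the demo.
make_sample() {
    cat > "$1" <<EOF
natd_enable="YES"
natd_interface="ed0"
natd_flags="-punch_fw 2000:100"
kern_securelevel_enable="YES"
kern_securelevel="$2"
EOF
}

tmp=$(mktemp -d)
make_sample "$tmp/rc.conf" 3
if check_punch_fw "$tmp/rc.conf"; then echo "ok"; else echo "conflict found"; fi
rm -rf "$tmp"
```

On a running system, compare the output of `sysctl -n kern.securelevel` as well, since the level may have been raised after boot.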