Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 21 May 2001 12:47:37 -0700 (PDT)
From:      william.carrel@infospace.com
To:        FreeBSD-gnats-submit@freebsd.org
Subject:   conf/27511: ipnat not initialized if ipf_enable isn't on
Message-ID:  <20010521194737.6AEC85D57@gasket.go2net.com>
next in thread | raw e-mail | index | archive | help 


>Number:         27511
>Category:       conf
>Synopsis:       ipnat not initialized by rc.network w/o ipfilter_enable=YES
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon May 21 12:50:01 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator:     William Carrel
>Release:        FreeBSD 4.3-STABLE i386
>Organization:
Infospace, Inc.
>Environment:
System: FreeBSD gasket.go2net.com 4.3-STABLE FreeBSD 4.3-STABLE #1: Tue May 15 14:25:06 PDT 2001 williamc@gasket.go2net.com:/usr/src/sys/compile/GO2SMP i386

SMP kernel with kldloaded ipl.ko (ipfilter and ipnat)

>Description:
With ipfilter_enable=NO, ipnat_enable=YES and all other related settings at
their defaults, ipnat will not have its rules installed at boot time, even 
though it can operate just fine without ipfilter being "enabled"

>How-To-Repeat:
Place ipnat_enable=YES in an otherwise orthogonal rc.conf and notice that 
ipnat rules are not setup during the rc.network part of the boot.

>Fix:
The following diff applied to /usr/src/etc/rc.network resolves the problem 
by allowing ipnat and ipfilter to function independent of one another:

--- rc.network.bak	Mon May 21 12:29:09 2001
+++ rc.network	Mon May 21 12:32:59 2001
@@ -60,20 +60,21 @@
 				${ipmon_program:-/sbin/ipmon} ${ipmon_flags}
 				;;
 			esac
-			case "${ipnat_enable}" in
-			[Yy][Ee][Ss])
-				if [ -r "${ipnat_rules}" ]; then
-					echo -n ' ipnat';
-				eval ${ipnat_program:-/sbin/ipnat -CF -f} \
-					"${ipnat_rules}" ${ipnat_flags}
-				else
-					echo -n ' NO IPNAT RULES'
-				fi
-				;;
-			esac
 		else
 			ipfilter_enable="NO"
 			echo -n ' NO IPF RULES'
+		fi
+		;;
+	esac
+
+	case "${ipnat_enable}" in
+	[Yy][Ee][Ss])
+		if [ -r "${ipnat_rules}" ]; then
+			echo -n ' ipnat';
+			eval ${ipnat_program:-/sbin/ipnat -CF -f} \
+				"${ipnat_rules}" ${ipnat_flags}
+		else
+			echo -n ' NO IPNAT RULES'
 		fi
 		;;
 	esac
>Release-Note:
>Audit-Trail:
>Unformatted:

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010521194737.6AEC85D57>