From owner-freebsd-bugs Mon May 21 12:50:14 2001
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id E9ED837B43C for ; Mon, 21 May 2001 12:50:01 -0700 (PDT) (envelope-from gnats@FreeBSD.org)
Received: (from gnats@localhost) by freefall.freebsd.org (8.11.1/8.11.1) id f4LJo1a11879; Mon, 21 May 2001 12:50:01 -0700 (PDT) (envelope-from gnats)
Received: from jack.go2net.com (jack.go2net.com [64.50.65.20]) by hub.freebsd.org (Postfix) with SMTP id 0530E37B424 for ; Mon, 21 May 2001 12:48:15 -0700 (PDT) (envelope-from williamc@infospace.com)
Received: (qmail 31980 invoked from network); 21 May 2001 19:48:41 -0000
Received: from absolut.go2net.com (10.200.10.74) by jack.go2net.com with SMTP; 21 May 2001 19:48:41 -0000
Received: (qmail 15599 invoked from network); 21 May 2001 19:48:03 -0000
Received: from gasket.go2net.com ([10.225.32.118]) (envelope-sender ) by absolut.go2net.com (qmail-ldap-1.03) with SMTP for ; 21 May 2001 19:48:03 -0000
Received: by gasket.go2net.com (Postfix, from userid 492) id 6AEC85D57; Mon, 21 May 2001 12:47:37 -0700 (PDT)
Message-Id: <20010521194737.6AEC85D57@gasket.go2net.com>
Date: Mon, 21 May 2001 12:47:37 -0700 (PDT)
From: william.carrel@infospace.com
Reply-To: william.carrel@infospace.com
To: FreeBSD-gnats-submit@freebsd.org
X-Send-Pr-Version: 3.113
Subject: conf/27511: ipnat not initialized if ipf_enable isn't on
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

>Number: 27511
>Category: conf
>Synopsis: ipnat not initialized by rc.network w/o ipfilter_enable=YES
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon May 21 12:50:01 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator: William Carrel
>Release: FreeBSD 4.3-STABLE i386
>Organization: Infospace, Inc.
>Environment:
System: FreeBSD gasket.go2net.com 4.3-STABLE FreeBSD 4.3-STABLE #1: Tue May 15 14:25:06 PDT 2001 williamc@gasket.go2net.com:/usr/src/sys/compile/GO2SMP i386
SMP kernel with kldloaded ipl.ko (ipfilter and ipnat)
>Description:
With ipfilter_enable=NO, ipnat_enable=YES and all other related settings at their defaults, ipnat will not have its rules installed at boot time, even though it can operate just fine without ipfilter being "enabled".
>How-To-Repeat:
Place ipnat_enable=YES in an otherwise orthogonal rc.conf and notice that ipnat rules are not set up during the rc.network part of the boot.
>Fix:
The following diff applied to /usr/src/etc/rc.network resolves the problem by allowing ipnat and ipfilter to function independent of one another:

--- rc.network.bak Mon May 21 12:29:09 2001 +++ rc.network Mon May 21 12:32:59 2001 
@@ -60,20 +60,21 @@ ${ipmon_program:-/sbin/ipmon} ${ipmon_flags} ;; esac - case "${ipnat_enable}" in - [Yy][Ee][Ss]) - if [ -r "${ipnat_rules}" ]; then - echo -n ' ipnat'; - eval ${ipnat_program:-/sbin/ipnat -CF -f} \ - "${ipnat_rules}" ${ipnat_flags} - else - echo -n ' NO IPNAT RULES' - fi - ;; - esac else ipfilter_enable="NO" echo -n ' NO IPF RULES' + fi + ;; + esac + + case "${ipnat_enable}" in + [Yy][Ee][Ss]) + if [ -r "${ipnat_rules}" ]; then + echo -n ' ipnat'; + eval ${ipnat_program:-/sbin/ipnat -CF -f} \ + "${ipnat_rules}" ${ipnat_flags} + else + echo -n ' NO IPNAT RULES' fi ;; esac >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
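Review bot: ipmon stays nested under the ipfilter branch while the ipnat block moves out of it. In the unchanged context at the top of the hunk, `${ipmon_program:-/sbin/ipmon} ${ipmon_flags}` still sits inside the `if` whose `else` arm prints ' NO IPF RULES', so with ipfilter_enable=NO and ipnat_enable=YES the NAT rules load but nothing in these lines starts ipmon, and any NAT logging that relies on ipmon is not collected. If ipmon is meant to cover ipnat as well, its case block should move out alongside this one, or the limitation should be stated in a comment above the relocated block. The relocated `eval ${ipnat_program:-/sbin/ipnat -CF -f}` also runs with no visible check that ipfilter support is present in the kernel (the report's system has ipl.ko kldloaded), so a guard or a clear failure message ahead of the `eval` would help on hosts where ipfilter_enable=NO means the module was never loaded.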