From owner-freebsd-bugs Fri Apr 17 18:40:09 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id SAA04697 for freebsd-bugs-outgoing; Fri, 17 Apr 1998 18:40:09 -0700 (PDT) (envelope-from owner-freebsd-bugs@FreeBSD.ORG)
Received: (from gnats@localhost) by hub.freebsd.org (8.8.8/8.8.8) id SAA04664; Fri, 17 Apr 1998 18:40:05 -0700 (PDT) (envelope-from gnats)
Received: from duey.hs.wolves.k12.mo.us (cdillon@duey.hs.wolves.k12.mo.us [207.160.214.9]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id BAA03247 for ; Sat, 18 Apr 1998 01:33:59 GMT (envelope-from cdillon@duey.hs.wolves.k12.mo.us)
Received: (from cdillon@localhost) by duey.hs.wolves.k12.mo.us (8.8.7/8.8.7) id UAA04365; Fri, 17 Apr 1998 20:33:55 -0500 (CDT) (envelope-from cdillon)
Message-Id: <199804180133.UAA04365@duey.hs.wolves.k12.mo.us>
Date: Fri, 17 Apr 1998 20:33:55 -0500 (CDT)
From: cdillon@wolves.k12.mo.us
Reply-To: cdillon@wolves.k12.mo.us
To: FreeBSD-gnats-submit@FreeBSD.ORG
X-Send-Pr-Version: 3.2
Subject: conf/6339: Add natd support to rc's, fix natd manpage
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>Number: 6339
>Category: conf
>Synopsis: Add natd support to rc's, fix natd manpage
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Fri Apr 17 18:40:01 PDT 1998
>Last-Modified:
>Originator: Chris Dillon
>Organization:
>Release: FreeBSD 2.2.6-STABLE i386
>Environment:

Stable sources as of 04/17/98

>Description:

Add configuration data to /etc/rc.conf,rc.network,rc.firewall,services to facilitate easy configuration of natd (as if it wasn't already easy, but that's beside the point when you're a newbie).

Also fix an inconsistency in the natd(1) manual page. -i is incorrectly given as the option to use for the network interface in the synopsis. -n is the correct option.

I hope the diffs are acceptable. I found the neat cvs -q diff -u command. :-) Feel free to re-arrange my placement of items in the various rc's to follow historical precedences and what not. Hopefully I did good enough already.

>How-To-Repeat:
>Fix:

Index: etc/rc.conf =================================================================== RCS file: /devel/ncvs/src/etc/rc.conf,v retrieving revision 1.1.2.40 diff -u -r1.1.2.40 rc.conf --- rc.conf 1998/03/15 16:39:41 1.1.2.40 +++ rc.conf 1998/04/18 00:55:10 
@@ -102,6 +102,9 @@ arpproxy_all="" # replaces obsolete kernel option ARP_PROXYALL. forward_sourceroute="NO" # do source routing (only if gateway_enable is set to "YES") accept_sourceroute="NO" # accept source routed packets to us +natd_enable="NO" # Enable natd if firewall_enable. +natd_interface="fxp0" # Public interface to use with natd if natd_enable. +natd_flags="" # Additional flags for natd. ############################################################## Index: etc/rc.firewall =================================================================== RCS file: /devel/ncvs/src/etc/rc.firewall,v retrieving revision 1.6.2.6 diff -u -r1.6.2.6 rc.firewall --- rc.firewall 1998/02/10 01:45:57 1.6.2.6 +++ rc.firewall 1998/04/18 00:57:13 @@ -58,6 +58,14 @@ $fwcmd -f flush ############ +# These rules are required for using natd. All packets are passed to natd before +# they encounter your remaining rules. The firewall rules will then be run again +# on each packet after translation by natd, minus any divert rules (see natd(8)). +if [ "X${natd_enable}" = X"YES" -a "X${natd_interface}" != X"" ]; then + $fwcmd add divert natd all from any to any via ${natd_interface} +fi + +############ # If you just configured ipfw in the kernel as a tool to solve network # problems or you just want to disallow some particular kinds of traffic # they you will want to change the default policy to open. You can also Index: etc/rc.network =================================================================== RCS file: /devel/ncvs/src/etc/rc.network,v retrieving revision 1.1.2.18 diff -u -r1.1.2.18 rc.network --- rc.network 1998/03/09 08:52:01 1.1.2.18 +++ rc.network 1998/04/18 00:48:30 
@@ -256,6 +256,12 @@ if [ "X${mrouted_enable}" = X"YES" ]; then echo -n ' mrouted'; mrouted ${mrouted_flags} fi + + # Network Address Translation daemon + if [ "X${natd_enable}" = X"YES" -a "X${natd_interface}" != X"" -a "X${firewall_enable}" = X"YES" ]; then + echo -n ' natd'; natd ${natd_flags} -n ${natd_interface} + fi + echo '.' network_pass3_done=YES } Index: etc/services =================================================================== RCS file: /devel/ncvs/src/etc/services,v retrieving revision 1.27.2.16 diff -u -r1.27.2.16 services --- services 1998/03/09 02:59:21 1.27.2.16 +++ services 1998/04/18 00:44:49 @@ -1650,6 +1650,7 @@ ricardo-lm 6148/udp #Ricardo North America License Manager xdsxdm 6558/tcp xdsxdm 6558/udp +natd 6668/divert #Network Address Translation acmsoda 6969/tcp acmsoda 6969/udp afs3-fileserver 7000/tcp #file server itself >Audit-Trail: >Unformatted:
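
Review bot: in the etc/rc.conf hunk, natd_interface defaults to "fxp0", so the `"X${natd_interface}" != X""` tests in rc.firewall and rc.network can never fail on an unmodified configuration. Someone who sets only natd_enable="YES" gets a divert rule and a natd bound to fxp0 whether or not that is the public interface, or exists on the machine at all. Suggest shipping natd_interface="" with an example name in the comment so the empty-interface guard does real work, and have the natd_enable comment state that firewall_enable and natd_interface must both be set, since rc.network requires all three.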
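
Review bot: in the etc/rc.firewall hunk, the divert rule is installed on natd_enable and natd_interface alone, while rc.network starts natd only when firewall_enable is also "YES", and nothing confirms the daemon is actually running. ipfw drops packets diverted to a port that has no listener, so with the rule present and natd absent, all traffic via ${natd_interface} is silently dropped. Suggest using the same condition in both files and saying in the comment that the interface passes no traffic until natd is up. The comment also cites natd(8) while the PR description refers to natd(1); pick the section the page is installed under.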
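
Review bot: in the etc/rc.network hunk, `-n ${natd_interface}` is always appended after ${natd_flags}, so natd_flags cannot carry any option that conflicts with or replaces the interface selection, and the rc.conf comment ("Additional flags for natd") does not say so. Either document that -n is supplied by the script, or build the interface argument only when natd_interface is non-empty and let natd_flags stand alone otherwise. The ' natd' progress string is echoed before the daemon is run, so a failed start still looks successful in the boot output; that matches the mrouted block above it, but here a failed start leaves the divert rule with no listener.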
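
Review bot: in the etc/services hunk, the new `natd 6668/divert` entry is the only place the port number is defined: rc.firewall's `divert natd` resolves it by name, and rc.network starts natd with no port argument, so the two agree only if natd's own default resolves to the same number. A system that merges the new rc.firewall but keeps an older /etc/services will fail to add the rule. Suggest an explicit port variable in rc.conf that is passed to both the ipfw rule and natd. Divert ports are a separate namespace from tcp and udp, but 6668 sits in the range commonly used by IRC servers, so a short comment noting that this is a divert port would avoid confusion for readers of the file.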