From: "Aaron D. Gifford" <agifford@infowest.com>
Date: Tue, 17 Dec 2002 16:00:54 -0700
To: freebsd-current@freebsd.org
Subject: 5.0-RC1 /etc/rc.d/ipfw script and NAT

Hi,

There's trouble in the /etc/rc.d/ipfw script in how it changes things versus the 4.7 /etc/rc.network script when it comes to NAT in certain configurations.

For example, on my home gateway box, rc.conf contains:

    # Network address translation:
    natd_enable="YES"
    natd_interface=""
    natd_flags="-f /etc/natd.conf"

Notice that I deliberately do NOT list any interfaces because I am using an explicit configuration file (the "-f /etc/natd.conf" flags). Under 4.7-STABLE, the natd daemon will be started appropriately even though the natd_interface variable is empty, so long as natd_enable is "YES" and so long as I am smart enough to have some sort of configuration available to natd.
Under 5.0-RC1, /etc/rc.d/ipfw makes a 2-line change, moving the lines that actually start the natd daemon up inside of an if statement. This means folks like myself who use an explicit configuration file (i.e. I don't run natd on any one specific interface - I run it inbound on one interface, outbound on another using a custom ipfw ruleset and natd configuration file) cannot have natd auto-start without changing /etc/rc.d/ipfw or starting it by hand somewhere else.

May I request that the two lines in /etc/rc.d/ipfw that start natd be moved down a few lines outside of the enclosing "if" block so that the functionality many of us -STABLE users are accustomed to may be returned? If not, can anyone shed some light on why it's a bad idea and offer any suggestions to me? (I like to make as few changes to my BSD box as possible to have it run how I want it to.)

Thanks!
Aaron out.

----- NATD section of /etc/rc.d/ipfw as I would like to see it -----

    # Network Address Translation daemon
    #
    if checkyesno natd_enable; then
        if [ -n "${natd_interface}" ]; then
            if echo ${natd_interface} | \
                grep -q -E '^[0-9]+(\.[0-9]+){0,3}$'; then
                natd_flags="$natd_flags -a ${natd_interface}"
            else
                natd_flags="$natd_flags -n ${natd_interface}"
            fi
        fi
        echo -n ' natd'
        ${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg}
    fi
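To make the behavioural difference the message describes concrete, here is a stand-in model of the natd section in both forms (the 5.0-RC1 placement of the start line inside the interface test, and the proposed placement outside it). It is an added example, not the original poster's script or FreeBSD's /etc/rc.d/ipfw: it only builds and prints the natd command line instead of running natd, and `checkyesno` is a simplified substitute for the rc.subr helper, so it can be run on any system to see which rc.conf combinations would silently start nothing.

```shell
#!/bin/sh
# Constructed model of the natd section of /etc/rc.d/ipfw in two variants.
# Nothing is executed; the command that *would* be run is printed instead.

# Simplified stand-in for rc.subr's checkyesno (not the real helper).
checkyesno() {
    case "$1" in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;;
        *) return 1 ;;
    esac
}

# Reproduce the script's inner test: a dotted-quad natd_interface becomes
# "-a <addr>", any other non-empty value becomes "-n <ifname>", empty gives "".
natd_ifarg() {
    if [ -z "$1" ]; then
        echo ""
    elif echo "$1" | grep -q -E '^[0-9]+(\.[0-9]+){0,3}$'; then
        echo "-a $1"
    else
        echo "-n $1"
    fi
}

# natd_cmd VARIANT ENABLE INTERFACE FLAGS
#   VARIANT  "rc1"      -> start line sits inside the [ -n natd_interface ] block
#            "proposed" -> start line sits after that block (4.7 behaviour)
# Prints the natd command line, or nothing when natd would not be started.
natd_cmd() {
    variant=$1; enable=$2; iface=$3; flags=$4
    checkyesno "$enable" || return 0
    case "$variant" in
        rc1)
            # In RC1 an empty natd_interface means natd is never started,
            # even with natd_enable=YES and a -f config file in natd_flags.
            if [ -z "$iface" ]; then return 0; fi ;;
        proposed) ;;
        *) echo "unknown variant: $variant" >&2; return 1 ;;
    esac
    cmd="/sbin/natd"
    if [ -n "$flags" ]; then cmd="$cmd $flags"; fi
    ifarg=$(natd_ifarg "$iface")
    if [ -n "$ifarg" ]; then cmd="$cmd $ifarg"; fi
    echo "$cmd"
}
```

Running `natd_cmd rc1 YES "" "-f /etc/natd.conf"` prints nothing, while the `proposed` variant with the same inputs prints `/sbin/natd -f /etc/natd.conf`; that empty output is exactly the configuration from the poster's rc.conf that stops auto-starting under 5.0-RC1.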