Date: Mon, 13 Jan 2003 11:13:07 -0700 (MST) From: "Aaron D.Gifford" <agifford@infowest.com> To: FreeBSD-gnats-submit@FreeBSD.org Subject: conf/47024: PATCH: Fix /etc/rc.d/ipfw natd start-up bug Message-ID: <20030113181307.D06CFE43D93@delivery.infowest.com>
next in thread | raw e-mail | index | archive | help
>Number: 47024
>Category: conf
>Synopsis: PATCH: Fix /etc/rc.d/ipfw natd start-up bug
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Jan 13 10:20:01 PST 2003
>Closed-Date:
>Last-Modified:
>Originator: Aaron D. Gifford
>Release: FreeBSD 5.0-CURRENT i386
>Organization:
>Environment:
System: FreeBSD my.host 5.0-CURRENT FreeBSD 5.0-CURRENT #9: Mon Dec 30 21:04:03 MST 2002 root@my.host:/usr/obj/usr/src/sys/GENERIC i386
>Description:
It looks like the /etc/rc.d/ipfw script has a problem that used to
exist in FreeBSD 4.x a little over 10 months ago in that start-up
of natd depends on the variable ${natd_interface} being set. The
MFC by cjc on Sat. Feb 23 for /etc/rc.network fixed the problem for
/etc/rc.network for -STABLE users, but the problem still exists
for -CURRENT and 5.0-RC users today in the /etc/rc.d/ipfw script.
A proposed fix is included below as a patch.
>How-To-Repeat:
Create a custom NAT configuration, perhaps like mine, and save it
in a file (/etc/natd.conf in this example):
# CUSTOM NATD CONFIGURATION FILE - See the natd(8) man page for
# options that can be included here.
#
# Interface to do NAT on:
alias_address AA.BB.CC.DD
#
# Windows Remote Desktop stuff:
redirect_port tcp 10.0.0.1:3389 AA.BB.CC.DD:3389
#
Then configure natd in /etc/natd.conf to start like this:
# Network address translation:
natd_enable="YES"
natd_interface=""
natd_flags="-f /etc/natd.conf"
Next, reboot your system that depends on natd.
In spite of the fact that you have a valid, working natd set-up that
would work under -STABLE, natd will NOT start under -CURRENT or under
5.0-RC3. You will have to start natd by hand.
>Fix:
Apply the following patch to /etc/rc.d/ipfw:
--- /usr/src/etc/rc.d/ipfw.orig Sat Oct 12 04:31:31 2002
+++ /usr/src/etc/rc.d/ipfw Fri Dec 13 16:26:14 2002
@@ -47,9 +47,9 @@
else
natd_flags="$natd_flags -n ${natd_interface}"
fi
- echo -n ' natd'
- ${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg}
fi
+ echo -n ' natd'
+ ${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg}
fi
elif [ "`ipfw l 65535`" = "65535 deny ip from any to any" ]; then
echo 'Warning: kernel has firewall functionality, but' \
>Release-Note:
>Audit-Trail:
>Unformatted:
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030113181307.D06CFE43D93>