Message-Id: <20030113181307.D06CFE43D93@delivery.infowest.com>
Date: Mon, 13 Jan 2003 11:13:07 -0700 (MST)
From: "Aaron D.Gifford"
Reply-To: "Aaron D.Gifford"
To: FreeBSD-gnats-submit@FreeBSD.org
X-Send-Pr-Version: 3.113
Subject: conf/47024: PATCH: Fix /etc/rc.d/ipfw natd start-up bug
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk

>Number: 47024
>Category: conf
>Synopsis: PATCH: Fix /etc/rc.d/ipfw natd start-up bug
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Jan 13 10:20:01 PST 2003
>Closed-Date:
>Last-Modified:
>Originator: Aaron D. Gifford
>Release: FreeBSD 5.0-CURRENT i386
>Organization:
>Environment:
System: FreeBSD my.host 5.0-CURRENT FreeBSD 5.0-CURRENT #9: Mon Dec 30 21:04:03 MST 2002 root@my.host:/usr/obj/usr/src/sys/GENERIC i386
>Description:
It looks like the /etc/rc.d/ipfw script has a problem that used to exist in FreeBSD 4.x a little over 10 months ago in that start-up of natd depends on the variable ${natd_interface} being set. The MFC by cjc on Sat. Feb 23 for /etc/rc.network fixed the problem for /etc/rc.network for -STABLE users, but the problem still exists for -CURRENT and 5.0-RC users today in the /etc/rc.d/ipfw script.

A proposed fix is included below as a patch.
>How-To-Repeat:
Create a custom NAT configuration, perhaps like mine, and save it in a file (/etc/natd.conf in this example):

    # CUSTOM NATD CONFIGURATION FILE - See the natd(8) man page for
    # options that can be included here.
    #
    # Interface to do NAT on:
    alias_address AA.BB.CC.DD
    #
    # Windows Remote Desktop stuff:
    redirect_port tcp 10.0.0.1:3389 AA.BB.CC.DD:3389
    #

Then configure natd in /etc/natd.conf to start like this:

    # Network address translation:
    natd_enable="YES"
    natd_interface=""
    natd_flags="-f /etc/natd.conf"

Next, reboot your system that depends on natd.
In spite of the fact that you have a valid, working natd set-up that would work under -STABLE, natd will NOT start under -CURRENT or under 5.0-RC3. You will have to start natd by hand.
>Fix:
Apply the following patch to /etc/rc.d/ipfw:

--- /usr/src/etc/rc.d/ipfw.orig Sat Oct 12 04:31:31 2002 +++ /usr/src/etc/rc.d/ipfw Fri Dec 13 16:26:14 2002 @@ -47,9 +47,9 @@ else natd_flags="$natd_flags -n ${natd_interface}" fi - echo -n ' natd' - ${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg} fi + echo -n ' natd' + ${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg} fi elif [ "`ipfw l 65535`" = "65535 deny ip from any to any" ]; then echo 'Warning: kernel has firewall functionality, but' \
>Release-Note:
>Audit-Trail:
>Unformatted:
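
Review bot: The relocated start line `${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg}` now runs whether or not `natd_interface` is set, yet `${natd_ifarg}` is not assigned anywhere in the visible context; the branch shown appends `-n ${natd_interface}` to `natd_flags` instead. If nothing above the hunk sets it, the variable expands to nothing or to a value inherited from the environment, so consider initializing it to an empty string before the interface test or dropping it from the command line. With the interface check no longer guarding the start, it would also help to print a warning when both `natd_interface` and `natd_flags` are empty, since natd would then be launched with no interface, alias address or config file to work from. The enclosing condition lies outside the hunk, so please confirm that the second `fi` still closes the natd-enabled test and that the two moved lines sit inside it.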