Date: Tue, 22 Sep 1998 19:40:02 -0700 (PDT) From: Drew Derbyshire <ahd@kew.com> To: freebsd-bugs@FreeBSD.ORG Subject: Re: conf/7989: if we enable firewall and natd we losing connectivity after rc.firewall and before natd start Message-ID: <199809230240.TAA28796@freefall.freebsd.org>
The following reply was made to PR conf/7989; it has been noted by GNATS.
From: Drew Derbyshire <ahd@kew.com>
To: freebsd-gnats-submit@freebsd.org
Cc: igor@zynaps.ru
Subject: Re: conf/7989: if we enable firewall and natd we losing connectivity after rc.firewall and before natd start
Date: Tue, 22 Sep 1998 22:00:08 -0400 (EDT)
The following patch corrects the problem of daemons (in particular,
ntpdate) not having early access to the network through natd. natd
is now invoked as the first daemon before named and ntpdate. As
natd now precedes named, natd can only use host names in /etc/hosts.
(Since most invocations of natd use no host names at all and ntpdate
always does, this is a reasonable trade-off.)
I'm of the opinion that the entire natd/named/ipfw interaction
needs to be revamped to reduce the data passed through natd (data
between remote systems and high volume local ports such as SMTP
and HTTP should not get a free trip through natd) and to allow most
rc.firewall rules to use named (by opening the firewall early to
port 53 and then starting named), but that would require a full
rework of rc.firewall and rc.network, and is well beyond the scope
of this patch...
*** rc.network.old Tue Sep 22 21:22:14 1998
--- rc.network Tue Sep 22 21:23:30 1998
***************
*** 155,160 ****
--- 155,166 ----
network_pass2() {
echo -n 'Doing additional network setup:'
+
+ # Network Address Translation daemon
+ if [ "X${natd_enable}" = X"YES" -a "X${natd_interface}" != X"" -a "X${firewall_enable}" = X"YES" ]; then
+ echo -n ' natd'; natd ${natd_flags} -n ${natd_interface}
+ fi
+
if [ "X${named_enable}" = X"YES" ]; then
echo -n ' named'; ${named_program-"named"} ${named_flags}
fi
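Review bot: The new natd block at the top of network_pass2() is missing the documentation a later maintainer will need: the added comment says only `# Network Address Translation daemon` and does not record why natd must now run before named (the PR's complaint is that connectivity is lost between rc.firewall and the start of natd) or the consequence stated in the covering message, that any host name in ${natd_flags} can only be resolved from /etc/hosts at this point. Suggest extending the comment, e.g. `# Started before named so daemons such as ntpdate can reach the network; natd cannot use DNS here, only /etc/hosts`, so the ordering is not "corrected" back later. The three-term `-a` test matches the surrounding style and needs no change.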
***************
*** 255,265 ****
# IP multicast routing daemon
if [ "X${mrouted_enable}" = X"YES" ]; then
echo -n ' mrouted'; mrouted ${mrouted_flags}
- fi
-
- # Network Address Translation daemon
- if [ "X${natd_enable}" = X"YES" -a "X${natd_interface}" != X"" -a "X${firewall_enable}" = X"YES" ]; then
- echo -n ' natd'; natd ${natd_flags} -n ${natd_interface}
fi
echo '.'
--- 261,266 ----
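Review bot: The deletion is functionally right but awkward to read: the removed `- fi` is actually the close of the mrouted block, while the `fi` retained after `- echo -n ' natd'; natd ${natd_flags} -n ${natd_interface}` is the one that belonged to natd, so the surviving text (mrouted `if`/`echo`/`fi`, then `echo '.'`) is equivalent to the intended result. Removing the natd block together with its own `fi` and the blank line above it would make the hunk reviewable at a glance and keep the mrouted block's lines untouched. Also confirm that nothing else in network_pass2() between the new position and this one referenced natd, since its start message now appears before ` named` in the "Doing additional network setup:" line.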
