From owner-freebsd-bugs Tue Sep 22 19:40:11 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id TAA04601 for freebsd-bugs-outgoing; Tue, 22 Sep 1998 19:40:11 -0700 (PDT) (envelope-from owner-freebsd-bugs@FreeBSD.ORG)
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id TAA04521 for ; Tue, 22 Sep 1998 19:40:01 -0700 (PDT) (envelope-from gnats@FreeBSD.org)
Received: (from gnats@localhost) by freefall.freebsd.org (8.8.8/8.8.5) id TAA28796; Tue, 22 Sep 1998 19:40:02 -0700 (PDT)
Date: Tue, 22 Sep 1998 19:40:02 -0700 (PDT)
Message-Id: <199809230240.TAA28796@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.ORG
From: Drew Derbyshire
Subject: Re: conf/7989: if we enable firewall and natd we losing connectivity after rc.firewall and before natd start
Reply-To: Drew Derbyshire
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

The following reply was made to PR conf/7989; it has been noted by GNATS.

From: Drew Derbyshire
To: freebsd-gnats-submit@freebsd.org
Cc: igor@zynaps.ru
Subject: Re: conf/7989: if we enable firewall and natd we losing connectivity after rc.firewall and before natd start
Date: Tue, 22 Sep 1998 22:00:08 -0400 (EDT)

The following patch corrects the problem of daemons (in particular, ntpdate) not having early access to the network through natd. natd is now invoked as the first daemon, before named and ntpdate. As natd now precedes named, natd can only use host names in /etc/hosts. (Since most invocations of natd use no host names at all and ntpdate always does, this is a reasonable trade-off.)
I'm of the opinion that the entire natd/named/ipfw interaction needs to be revamped to reduce the data passed through natd (data between remote systems and high-volume local ports such as SMTP and HTTP should not get a free trip through natd) and to allow most rc.firewall rules to use named (by opening the firewall early to port 53 and then starting named), but that would require a full rework of rc.firewall and rc.network, and is well beyond the scope of this patch...

*** rc.network.old Tue Sep 22 21:22:14 1998 --- rc.network Tue Sep 22 21:23:30 1998 *************** *** 155,160 **** --- 155,166 ---- network_pass2() { echo -n 'Doing additional network setup:' + + # Network Address Translation daemon + if [ "X${natd_enable}" = X"YES" -a "X${natd_interface}" != X"" -a "X${firewall_enable}" = X"YES" ]; then + echo -n ' natd'; natd ${natd_flags} -n ${natd_interface} + fi + if [ "X${named_enable}" = X"YES" ]; then echo -n ' named'; ${named_program-"named"} ${named_flags} fi *************** *** 255,265 **** # IP multicast routing daemon if [ "X${mrouted_enable}" = X"YES" ]; then echo -n ' mrouted'; mrouted ${mrouted_flags} - fi - - # Network Address Translation daemon - if [ "X${natd_enable}" = X"YES" -a "X${natd_interface}" != X"" -a "X${firewall_enable}" = X"YES" ]; then - echo -n ' natd'; natd ${natd_flags} -n ${natd_interface} fi echo '.' --- 261,266 ----

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
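Review bot: in the first hunk (the block added to network_pass2 at 155,166), the comment `# Network Address Translation daemon` gives no reason for the placement ahead of named, and the constraint this ordering creates (natd is started while named is not yet running, so any host names in natd_flags must resolve from /etc/hosts) is stated only in the covering e-mail. Put it in the script, e.g. `# Started before named so early daemons (ntpdate) have NAT; host names in natd_flags must be in /etc/hosts`, otherwise the next person tidying network_pass2 has no cue that the position matters. Also, the guard `"X${natd_interface}" != X""` silently skips natd when natd_enable=YES but natd_interface is empty; since the symptom is exactly the lost connectivity this PR is about, consider echoing a warning in that case rather than dropping the daemon without a message.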
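Review bot: in the second hunk (255,265 to 261,266) the context shows only the mrouted block before the removed lines and `echo '.'` after them, so nothing visible depended on natd being the last daemon started and the deletion is a clean move. One thing to check when applying: the hunk removes the mrouted test's original `fi` together with the natd block and leaves the natd block's trailing `fi` in place to close the mrouted `if`; the result is correct, but a reader comparing old and new files should not mistake the surviving `fi` for a leftover of the natd block.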