Date: Mon, 21 May 2001 12:47:37 -0700 (PDT)
From: william.carrel@infospace.com
To: FreeBSD-gnats-submit@freebsd.org
Subject: conf/27511: ipnat not initialized if ipf_enable isn't on
Message-ID: <20010521194737.6AEC85D57@gasket.go2net.com>
>Number: 27511
>Category: conf
>Synopsis: ipnat not initialized by rc.network w/o ipfilter_enable=YES
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon May 21 12:50:01 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator: William Carrel
>Release: FreeBSD 4.3-STABLE i386
>Organization: Infospace, Inc.
>Environment:
System: FreeBSD gasket.go2net.com 4.3-STABLE FreeBSD 4.3-STABLE #1: Tue May 15 14:25:06 PDT 2001 williamc@gasket.go2net.com:/usr/src/sys/compile/GO2SMP i386

SMP kernel with kldloaded ipl.ko (ipfilter and ipnat)
>Description:
With ipfilter_enable=NO, ipnat_enable=YES and all other related settings at their defaults, ipnat will not have its rules installed at boot time, even though it can operate just fine without ipfilter being "enabled".
>How-To-Repeat:
Place ipnat_enable=YES in an otherwise orthogonal rc.conf and notice that ipnat rules are not set up during the rc.network part of the boot.
>Fix:
The following diff applied to /usr/src/etc/rc.network resolves the problem by allowing ipnat and ipfilter to function independent of one another:

--- rc.network.bak Mon May 21 12:29:09 2001 +++ rc.network Mon May 21 12:32:59 2001 
@@ -60,20 +60,21 @@ ${ipmon_program:-/sbin/ipmon} ${ipmon_flags} ;; esac - case "${ipnat_enable}" in - [Yy][Ee][Ss]) - if [ -r "${ipnat_rules}" ]; then - echo -n ' ipnat'; - eval ${ipnat_program:-/sbin/ipnat -CF -f} \ - "${ipnat_rules}" ${ipnat_flags} - else - echo -n ' NO IPNAT RULES' - fi - ;; - esac else ipfilter_enable="NO" echo -n ' NO IPF RULES' + fi + ;; + esac + + case "${ipnat_enable}" in + [Yy][Ee][Ss]) + if [ -r "${ipnat_rules}" ]; then + echo -n ' ipnat'; + eval ${ipnat_program:-/sbin/ipnat -CF -f} \ + "${ipnat_rules}" ${ipnat_flags} + else + echo -n ' NO IPNAT RULES' fi ;; esac >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
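Review bot: In the relocated `case "${ipnat_enable}"` block, ` ipnat` is echoed before the `eval` and the command's exit status is never tested, so the boot output reports NAT as loaded even if `/sbin/ipnat` fails. That matters more after the move, because the block now also runs on the path that has just set `ipfilter_enable="NO"` and printed ` NO IPF RULES`, and nothing here confirms that ipfilter support is present in the kernel on that path. Consider testing the result of the `eval` and printing a distinct failure message. The `${ipmon_program:-/sbin/ipmon} ${ipmon_flags}` context lines stay above the `else`, inside the ipfilter block, so with this change NAT mappings can be installed without ipmon being started; if that is intended, it should be documented alongside `ipnat_enable`, together with the fact that NAT rules are now loaded even when no filter ruleset was readable.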