Date: Mon, 19 Aug 2002 18:46:39 -0700 (PDT) From: Jed Clear <clear@netaxs.com> To: freebsd-gnats-submit@FreeBSD.org Subject: docs/41807: natd -punch_fw "bug" Message-ID: <200208200146.g7K1kdfB041565@www.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 41807 >Category: docs >Synopsis: natd -punch_fw "bug" >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-doc >State: open >Quarter: >Keywords: >Date-Required: >Class: doc-bug >Submitter-Id: current-users >Arrival-Date: Mon Aug 19 18:50:01 PDT 2002 >Closed-Date: >Last-Modified: >Originator: Jed Clear >Release: 4.5-RELEASE-p19 >Organization: Dis- >Environment: FreeBSD fbsdk6 4.5-RELEASE-p19 FreeBSD 4.5-RELEASE-p19 #12: Mon Aug 19 19:18:43 EDT 2002 root@fbsdk6:/usr/obj/usr/src/sys/K6 i386 >Description: The natd option -punch_fw won't work with kernel securelevel 3 This is really a feature of securelevel 3. >How-To-Repeat: Setup working natd -punch_fw at securelevel 2 or lower on the firewall Go to securelevel 3 Attempt active FTP from client inside to outside, fails. >Fix: "Fix" is to add a note to the natd man page under the -punch_fw option that securelevel 3 will disable punch_fw. Long term: If ipfw can add dynamic "keep-state" routes in securelevel 3, why can't the NAT function? Note I didn't say natd here. >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-doc" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200208200146.g7K1kdfB041565>