Date:      Tue, 9 May 2000 23:50:01 -0700 (PDT)
From:      "Lowkrantz, Goran" <Goran.Lowkrantz@infologigruppen.se>
To:        freebsd-bugs@FreeBSD.org
Subject:   RE: bin/18354: NATD diverts DMZ packets to firewall host 
Message-ID:  <200005100650.XAA07541@freefall.freebsd.org>

The following reply was made to PR bin/18354; it has been noted by GNATS.

From: "Lowkrantz, Goran" <Goran.Lowkrantz@infologigruppen.se>
To: "'Brian Somers'" <brian@Awfulhak.org>
Cc: freebsd-gnats-submit@FreeBSD.org,
	Ruslan Ermilov <ru@FreeBSD.org>, Charles Mott <cmott@scientech.com>,
	Eivind Eklund <perhaps@yes.no>, Ari Suutari <ari@suutari.iki.fi>
Subject: RE: bin/18354: NATD diverts DMZ packets to firewall host 
Date: Wed, 10 May 2000 08:40:43 +0200

 OK. I understand. But I can't read this behavior from natd(8), as the 3rd
 paragraph doesn't mention what happens if no match is found or the IP isn't that of
 the firewall IF. If the current behavior is the intended one, then it should be
 documented. And as it's a change in behavior, something should be said about
 it in the release notes. Was this patch given a HEADS UP?
 
 May I suggest something like this for natd(8)?
 
 Description - add to 3rd paragraph
 
 If no entry is found or the target IP is not the current machine, the packet
 is modified to the IP number of the current machine.
 
 Cheers,
 	GLZ
 
 > -----Original Message-----
 > From: Brian Somers [mailto:brian@Awfulhak.org]
 > Sent: Wednesday, May 10, 2000 12:41 AM
 > To: goran.lowkrantz@infologigruppen.se
 > Cc: freebsd-gnats-submit@FreeBSD.org; Brian Somers; Ruslan Ermilov;
 > Charles Mott; Eivind Eklund; Ari Suutari
 > Subject: Re: bin/18354: NATD diverts DMZ packets to firewall host 
 > 
 > 
 > > >Number:         18354
 > > >Category:       bin
 > > >Synopsis:       NATD diverts DMZ packets to firewall host
 > 
 > This is happening because I changed the libalias(3) default so that 
 > it drops packets from outside to inside on the gateway by default 
 > rather than passing them into the (private) internal network.  This 
 > behaviour can be altered using PacketAliasSetTarget().  IMHO this is 
 > what people expect and is what the documentation indicated was the 
 > intention.
 > 
 > When I sent a patch to Ruslan (cc'd) adding a -t option to natd, he 
 > pointed out that natd's documentation clearly doesn't expect this to 
 > happen.
 > 
 > We decided to ask about the original intentions and decide what to do 
 > based on the outcome, but haven't received a reply from Charles (cc'd 
 > as a gentle poke) yet.
 > 
 > So, this is in limbo.  At the moment, there's no way to get the old 
 > behaviour (maybe we should add the -t switch in the interim - Ruslan, 
 > have you still got that patch?  Or if you don't want to do that, 
 > perhaps we should just do a PacketAliasSetTarget(INADDR_ANY) in 
 > natd.c for now).
 > -- 
 > Brian <brian@Awfulhak.org>                        
 > <brian@[uk.]FreeBSD.org>
 >       <http://www.Awfulhak.org>;                   
 > <brian@[uk.]OpenBSD.org>
 > Don't _EVER_ lose your sense of humour !
 > 
 > 
 
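The effect under discussion, modelled as an added illustration that is not libalias or natd code: an inbound packet whose destination has no alias-table entry is either rewritten to a configured target address (the changed default, where the target is the gateway's own address, so a packet meant for a DMZ host on the same segment ends up at the firewall) or passed through untouched (the old behaviour, which the thread equates with PacketAliasSetTarget(INADDR_ANY)). The names AliasTable, Packet, nat_inbound and demo, and all addresses, are assumptions of this model, not identifiers from the library.

```python
"""Model of the libalias "target address" policy discussed in PR bin/18354.

Added example, not code from libalias, natd or the thread's authors. It models
only the decision the thread describes; AliasTable, Packet, nat_inbound and
demo are hypothetical names, and every address below is constructed.
"""
from dataclasses import dataclass, replace
from ipaddress import IPv4Address
from typing import Dict, Tuple

# "No target": leave packets that match no alias entry alone (old behaviour).
INADDR_ANY = IPv4Address("0.0.0.0")

Endpoint = Tuple[IPv4Address, int]


@dataclass(frozen=True)
class Packet:
    src: IPv4Address
    dst: IPv4Address
    sport: int
    dport: int


@dataclass
class AliasTable:
    """Minimal alias table keyed on the public (aliased) side of a flow."""
    entries: Dict[Endpoint, Endpoint]
    target: IPv4Address = INADDR_ANY

    def set_target(self, addr: IPv4Address) -> None:
        """Counterpart of the thread's PacketAliasSetTarget() (modelled, not the real call)."""
        self.target = addr

    def add(self, public: Endpoint, private: Endpoint) -> None:
        self.entries[public] = private


def nat_inbound(table: AliasTable, pkt: Packet) -> Packet:
    """Apply the inbound (outside -> inside) translation policy to one packet."""
    private = table.entries.get((pkt.dst, pkt.dport))
    if private is not None:
        # Known flow: de-alias to the private host and port.
        return replace(pkt, dst=private[0], dport=private[1])
    if table.target == INADDR_ANY:
        # Old behaviour: no entry, no target, packet continues unchanged.
        return pkt
    # Changed default: unmatched packets are re-addressed to the target,
    # which natd sets to the gateway itself. This is the "diverts DMZ packets
    # to firewall host" symptom in the PR synopsis.
    return replace(pkt, dst=table.target)


def demo() -> Dict[str, str]:
    """Run the DMZ scenario from the PR under both policies; returns destination IPs."""
    gateway = IPv4Address("192.0.2.1")    # firewall's public address (constructed)
    dmz_host = IPv4Address("192.0.2.10")  # DMZ host on the same public segment (constructed)
    inside = IPv4Address("10.0.0.5")      # private host with an alias entry (constructed)
    outside = IPv4Address("198.51.100.7")  # remote client (constructed)

    to_dmz = Packet(outside, dmz_host, 51000, 80)
    to_aliased = Packet(outside, gateway, 51001, 40000)
    results: Dict[str, str] = {}

    # Changed default described in the thread: the target is the gateway itself.
    new = AliasTable({}, target=gateway)
    new.add((gateway, 40000), (inside, 40000))
    results["new_default_dmz"] = str(nat_inbound(new, to_dmz).dst)
    results["new_default_aliased"] = str(nat_inbound(new, to_aliased).dst)

    # Old behaviour, which the thread proposes restoring via a target of INADDR_ANY.
    old = AliasTable({}, target=gateway)
    old.set_target(INADDR_ANY)
    old.add((gateway, 40000), (inside, 40000))
    results["any_target_dmz"] = str(nat_inbound(old, to_dmz).dst)
    results["any_target_aliased"] = str(nat_inbound(old, to_aliased).dst)
    return results


if __name__ == "__main__":
    for name, dst in demo().items():
        print(f"{name}: packet delivered to {dst}")
```

Under the changed default the packet addressed to the DMZ host is re-addressed to the firewall, while flows with an existing alias entry still reach the private host either way; that is exactly the distinction the proposed natd(8) wording would need to spell out.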

