From andre.albsmeier@mchp.siemens.de  Mon Feb 19 22:58:41 2001
Message-Id: <200102200658.f1K6wb352425@curry.mchp.siemens.de>
Date: Tue, 20 Feb 2001 07:58:37 +0100 (CET)
From: Andre Albsmeier <andre.albsmeier@mchp.siemens.de>
To: FreeBSD-gnats-submit@freebsd.org
Subject: PATCH for rc.network to enable ipnat separately from ipfilter
X-Send-Pr-Version: 3.2

>Number:         25223
>Category:       conf
>Synopsis:       PATCH for rc.network to enable ipnat separately from ipfilter
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    darrenr
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Mon Feb 19 23:00:01 PST 2001
>Closed-Date:    Wed Jan 9 09:52:15 PST 2002
>Last-Modified:  Wed Jan 09 09:53:22 PST 2002
>Originator:     Andre Albsmeier
>Release:        FreeBSD 4.2-STABLE i386
>Organization:
>Environment:

All FreeBSD machines that support ipfilter

>Description:

The current way of initialising ipfilter during system boot
makes it very hard to use ipnat without ipfilter since
${ipfilter_enable} must be "yes" in order to get ${ipnat_enable}
evaluated at all.


>How-To-Repeat:

Try a config in rc.network where ipnat rules are loaded and
ipfilter stuff is left alone.

>Fix:

Move ${ipnat_enable} stuff out of the ${ipfilter_enable}
conditional. Don't know if the ipmon stuff should
be separate as well...

--- rc.network.ORI	Mon Jan 15 15:21:37 2001
+++ rc.network	Tue Feb 20 07:49:18 2001
@@ -60,20 +60,20 @@
 				${ipmon_program:-/sbin/ipmon} ${ipmon_flags}
 				;;
 			esac
-			case "${ipnat_enable}" in
-			[Yy][Ee][Ss])
-				if [ -r "${ipnat_rules}" ]; then
-					echo -n ' ipnat';
-				eval ${ipnat_program:-/sbin/ipnat -CF -f} \
-					"${ipnat_rules}" ${ipnat_flags}
-				else
-					echo -n ' NO IPNAT RULES'
-				fi
-				;;
-			esac
 		else
 			ipfilter_enable="NO"
 			echo -n ' NO IPF RULES'
+		fi
+		;;
+	esac
+	case "${ipnat_enable}" in
+	[Yy][Ee][Ss])
+		if [ -r "${ipnat_rules}" ]; then
+			echo -n ' ipnat';
+			eval ${ipnat_program:-/sbin/ipnat -CF -f} \
+			   "${ipnat_rules}" ${ipnat_flags}
+		else
+			echo -n ' NO IPNAT RULES'
 		fi
 		;;
 	esac
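Review bot: With the ipnat case moved below the outer esac, a host that enables both services but takes the else branch (' NO IPF RULES', ipfilter_enable="NO") now still loads its NAT rules, where before the patch ipnat was skipped along with ipf. That leaves address translation active with no filter rules loaded, so the behaviour change should be stated in the commit message and in the rc.conf documentation for ipnat_enable, so that nobody relies on the old coupling. The ipmon block stays inside the ipfilter conditional, which means a NAT-only configuration gets no ipmon logging; the open question in the Fix text about ipmon is worth settling in this same change. The relocated eval line still expands ${ipnat_flags} unquoted, which is carried over from the old code and fine to leave, but the three-space continuation indent on the "${ipnat_rules}" line does not match the tabs used elsewhere in the block.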
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->darrenr 
Responsible-Changed-By: darrenr 
Responsible-Changed-When: Wed Feb 21 13:33:40 PST 2001 
Responsible-Changed-Why:  
darrenr is responsible for ipnat 

http://www.freebsd.org/cgi/query-pr.cgi?pr=25223 

From: Thomas Quinot <thomas@cuivre.fr.eu.org>
To: freebsd-gnats-submit@FreeBSD.org
Cc:  
Subject: Re: conf/25223: PATCH for rc.network to enable ipnat separately from 
 ipfilter
Date: Sun, 21 Oct 2001 01:59:27 +0200

 See also bin/27016.
 
 --
     Thomas.Quinot@Cuivre.FR.EU.ORG
 
 
 
State-Changed-From-To: open->feedback 
State-Changed-By: guido 
State-Changed-When: Wed Nov 14 14:24:05 MET 2001 
State-Changed-Why:  
Arjan de Vet and Doug Barton have made patches to the FreeBSD rc system 
that should solve all of the known problems with IPFilter. 
Current and stable patches are available at the URL underneath. 
Please be so kind to: 
1) Test the patches if they do work for you 
2) mail your feedback to Arjan de Vet (devet@devet.org) 
3) If all is worked out and Arjan has the patches committed, please 
update the PR. 

Url: 
http://home.iae.nl/users/devet/freebsd/ 



From: Andre Albsmeier <andre.albsmeier@mchp.siemens.de>
To: freebsd-gnats-submit@FreeBSD.org
Cc:  
Subject: Re: conf/25223: PATCH for rc.network to enable ipnat separately from ipfilter
Date: Thu, 6 Dec 2001 07:47:09 +0100

 This was fixed by a recent commit to rc.network, thanks!
 
 	-Andre
State-Changed-From-To: feedback->closed 
State-Changed-By: keramida 
State-Changed-When: Wed Jan 9 09:52:15 PST 2002 
State-Changed-Why:  
Submitter says the latest ipfilter changes that were made to 
rc.network fixed the problem. 

>Unformatted:
