From agifford@infowest.com  Mon Jan 13 10:13:22 2003
Return-Path: <agifford@infowest.com>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id ABB1F37B401
	for <FreeBSD-gnats-submit@freebsd.org>; Mon, 13 Jan 2003 10:13:22 -0800 (PST)
Received: from delivery.infowest.com (delivery.infowest.com [204.17.177.5])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 5495143F1E
	for <FreeBSD-gnats-submit@freebsd.org>; Mon, 13 Jan 2003 10:13:22 -0800 (PST)
	(envelope-from agifford@infowest.com)
Received: from eq.net (unknown [208.186.104.163])
	by delivery.infowest.com (Postfix) with SMTP
	id D06CFE43D93; Mon, 13 Jan 2003 11:13:07 -0700 (MST)
Message-Id: <20030113181307.D06CFE43D93@delivery.infowest.com>
Date: Mon, 13 Jan 2003 11:13:07 -0700 (MST)
From: Aaron D.Gifford <agifford@infowest.com>
Reply-To: Aaron D.Gifford <agifford@infowest.com>
To: FreeBSD-gnats-submit@freebsd.org
Subject: PATCH: Fix /etc/rc.d/ipfw natd start-up bug
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         47024
>Category:       conf
>Synopsis:       PATCH: Fix /etc/rc.d/ipfw natd start-up bug
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    mtm
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Jan 13 10:20:01 PST 2003
>Closed-Date:    Wed Jan 15 19:28:30 PST 2003
>Last-Modified:  Wed Jan 15 19:28:30 PST 2003
>Originator:     Aaron D. Gifford
>Release:        FreeBSD 5.0-CURRENT i386
>Organization:
>Environment:
System: FreeBSD my.host 5.0-CURRENT FreeBSD 5.0-CURRENT #9: Mon Dec 30 21:04:03 MST 2002 root@my.host:/usr/obj/usr/src/sys/GENERIC i386


>Description:
	It looks like the /etc/rc.d/ipfw script has a problem that used to
	exist in FreeBSD 4.x a little over 10 months ago in that start-up
	of natd depends on the variable ${natd_interface} being set.  The
	MFC by cjc on Sat. Feb 23 for /etc/rc.network fixed the problem for
	/etc/rc.network for -STABLE users, but the problem still exists
	for -CURRENT and 5.0-RC users today in the /etc/rc.d/ipfw script.
	A proposed fix is included below as a patch.
>How-To-Repeat:
	Create a custom NAT configuration, perhaps like mine, and save it
	in a file (/etc/natd.conf in this example):

            # CUSTOM NATD CONFIGURATION FILE - See the natd(8) man page for
            # options that can be included here.
            #
            # Interface to do NAT on:
            alias_address AA.BB.CC.DD
            #
            # Windows Remote Desktop stuff:
            redirect_port tcp 10.0.0.1:3389 AA.BB.CC.DD:3389
            #
 
        Then configure natd in /etc/natd.conf to start like this:

            # Network address translation:
            natd_enable="YES"
            natd_interface=""
            natd_flags="-f /etc/natd.conf"

        Next, reboot your system that depends on natd.

        In spite of the fact that you have a valid, working natd set-up that
        would work under -STABLE, natd will NOT start under -CURRENT or under
        5.0-RC3.  You will have to start natd by hand.

>Fix:
        Apply the following patch to /etc/rc.d/ipfw:

--- /usr/src/etc/rc.d/ipfw.orig	Sat Oct 12 04:31:31 2002
+++ /usr/src/etc/rc.d/ipfw	Fri Dec 13 16:26:14 2002
@@ -47,9 +47,9 @@
 				else
 					natd_flags="$natd_flags -n ${natd_interface}"
 				fi
-				echo -n ' natd'
-				${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg}
 			fi
+			echo -n ' natd'
+			${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg}
 		fi
 	elif [ "`ipfw l 65535`" = "65535 deny ip from any to any" ]; then
 		echo 'Warning: kernel has firewall functionality, but' \
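Review bot: ${natd_ifarg} is now expanded on the path where the inner block was skipped (the moved "${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg}" line after the inner "fi"), and nothing in the visible lines assigns it on that path. Initialise it to empty before the interface test so that a stray value inherited from the environment or rc.conf cannot reach the natd command line. Separately, when natd_interface and natd_flags are both empty, natd would be run with no arguments at all, so consider skipping the launch or printing a warning in that case instead of echoing ' natd' unconditionally.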
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->analyzed 
State-Changed-By: mtm 
State-Changed-When: Mon Jan 13 18:54:24 PST 2003 
State-Changed-Why:  
Thanks for catching this! 
This will make it into -CURRENT. I've sent a request 
to the Release Engineers for approval to commit it 
to RELENG_5_0. 


Responsible-Changed-From-To: freebsd-bugs->mtm 
Responsible-Changed-By: mtm 
Responsible-Changed-When: Mon Jan 13 18:54:24 PST 2003 
Responsible-Changed-Why:  
I'll take this. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=47024 
State-Changed-From-To: analyzed->closed 
State-Changed-By: mtm 
State-Changed-When: Wed Jan 15 19:27:25 PST 2003 
State-Changed-Why:  
Committed to -CURRENT; too late to make it into 5.0-RELEASE. 
Thanks! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=47024 
>Unformatted:
