From cdillon@duey.hs.wolves.k12.mo.us  Sat Apr 18 01:34:02 1998
Received: from duey.hs.wolves.k12.mo.us (cdillon@duey.hs.wolves.k12.mo.us [207.160.214.9])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id BAA03247
          for <FreeBSD-gnats-submit@freebsd.org>; Sat, 18 Apr 1998 01:33:59 GMT
          (envelope-from cdillon@duey.hs.wolves.k12.mo.us)
Received: (from cdillon@localhost)
	by duey.hs.wolves.k12.mo.us (8.8.7/8.8.7) id UAA04365;
	Fri, 17 Apr 1998 20:33:55 -0500 (CDT)
	(envelope-from cdillon)
Message-Id: <199804180133.UAA04365@duey.hs.wolves.k12.mo.us>
Date: Fri, 17 Apr 1998 20:33:55 -0500 (CDT)
From: cdillon@wolves.k12.mo.us
Reply-To: cdillon@wolves.k12.mo.us
To: FreeBSD-gnats-submit@freebsd.org
Subject: Add natd support to rc's, fix natd manpage
X-Send-Pr-Version: 3.2

>Number:         6339
>Category:       conf
>Synopsis:       Add natd support to rc's, fix natd manpage
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    brian
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Fri Apr 17 18:40:01 PDT 1998
>Closed-Date:    Sat Apr 18 03:27:52 PDT 1998
>Last-Modified:  Sat Apr 18 03:28:12 PDT 1998
>Originator:     Chris Dillon
>Release:        FreeBSD 2.2.6-STABLE i386
>Organization:
>Environment:

Stable sources as of 04/17/98

>Description:

Add configuration data to /etc/rc.conf,rc.network,rc.firewall,services to
facilitate easy configuration of natd (as if it wasn't already easy, but that's
beside the point when you're a newbie).  Also fix an inconsistency in the
natd(1) manual page.  -i is incorrectly given as the option to use for the
network interface in the synopsis.  -n is the correct option.

I hope the diffs are acceptable.  I found the neat cvs -q diff -u command.  :-) 
Feel free to re-arrange my placement of items in the various rc's to follow
historical precedences and what not.  Hopefully I did good enough already. 


>How-To-Repeat:

>Fix:

Index: etc/rc.conf
===================================================================
RCS file: /devel/ncvs/src/etc/rc.conf,v
retrieving revision 1.1.2.40
diff -u -r1.1.2.40 rc.conf
--- rc.conf	1998/03/15 16:39:41	1.1.2.40
+++ rc.conf	1998/04/18 00:55:10
@@ -102,6 +102,9 @@
 arpproxy_all=""			# replaces obsolete kernel option ARP_PROXYALL.
 forward_sourceroute="NO"	# do source routing (only if gateway_enable is set to "YES")
 accept_sourceroute="NO"		# accept source routed packets to us
+natd_enable="NO"                # Enable natd if firewall_enable.
+natd_interface="fxp0"           # Public interface to use with natd if natd_enable.
+natd_flags=""                   # Additional flags for natd.
 
 
 ##############################################################
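Review bot: natd_interface defaults to "fxp0", a driver-specific name, so the non-empty tests on natd_interface in the rc.firewall and rc.network hunks can never catch a user who sets natd_enable="YES" without choosing an interface. On a machine with a different NIC, the divert rule and natd would both be pointed at an interface that does not exist. An empty default (natd_interface="") would make those tests meaningful and force an explicit choice of the public interface. The three added lines also pad with spaces before the comment where the neighbouring entries use tabs.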
Index: etc/rc.firewall
===================================================================
RCS file: /devel/ncvs/src/etc/rc.firewall,v
retrieving revision 1.6.2.6
diff -u -r1.6.2.6 rc.firewall
--- rc.firewall	1998/02/10 01:45:57	1.6.2.6
+++ rc.firewall	1998/04/18 00:57:13
@@ -58,6 +58,14 @@
 $fwcmd -f flush
 
 ############
+# These rules are required for using natd.  All packets are passed to natd before
+# they encounter your remaining rules.  The firewall rules will then be run again
+# on each packet after translation by natd, minus any divert rules (see natd(8)).
+if [ "X${natd_enable}" = X"YES" -a "X${natd_interface}" != X"" ]; then
+        $fwcmd add divert natd all from any to any via ${natd_interface}
+fi
+
+############
 # If you just configured ipfw in the kernel as a tool to solve network
 # problems or you just want to disallow some particular kinds of traffic
 # they you will want to change the default policy to open.  You can also
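Review bot: the divert rule sends all traffic via ${natd_interface} to the natd port as soon as the rules are loaded, but nothing in this hunk confirms that natd is actually running. Packets diverted to a port with no listener are dropped, so a natd that fails to start (bad natd_flags, wrong interface) cuts off that interface. The rule also resolves its port through the service name natd, which exists only once the etc/services hunk is installed, and it is added without an explicit rule number, so its position relative to site rules is left implicit. Consider giving it a fixed low rule number and stating in the comment that the services entry is required. The added comment lines also run past 80 columns.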
Index: etc/rc.network
===================================================================
RCS file: /devel/ncvs/src/etc/rc.network,v
retrieving revision 1.1.2.18
diff -u -r1.1.2.18 rc.network
--- rc.network	1998/03/09 08:52:01	1.1.2.18
+++ rc.network	1998/04/18 00:48:30
@@ -256,6 +256,12 @@
     if [ "X${mrouted_enable}" = X"YES" ]; then
 	    echo -n ' mrouted'; mrouted ${mrouted_flags}
     fi
+
+    # Network Address Translation daemon
+    if [ "X${natd_enable}" = X"YES" -a "X${natd_interface}" != X"" -a "X${firewall_enable}" = X"YES" ]; then
+            echo -n ' natd'; natd ${natd_flags} -n ${natd_interface}
+    fi
+
     echo '.'
     network_pass3_done=YES
 }
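Review bot: the start-up test here requires firewall_enable="YES" in addition to natd_enable and natd_interface, whereas the matching test in the rc.firewall hunk checks only the latter two. Keeping the two conditions identical rules out a configuration where the divert rule is loaded and natd is not started, or the reverse. ${natd_interface} is expanded unquoted and placed after ${natd_flags}, so an -a or a second -n passed through natd_flags ends up on the same command line as the -n given here; the rc.conf comment for natd_flags could say that the interface must not be set there. The added block is indented with spaces only, while the surrounding lines indent with a tab.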
Index: etc/services
===================================================================
RCS file: /devel/ncvs/src/etc/services,v
retrieving revision 1.27.2.16
diff -u -r1.27.2.16 services
--- services	1998/03/09 02:59:21	1.27.2.16
+++ services	1998/04/18 00:44:49
@@ -1650,6 +1650,7 @@
 ricardo-lm	6148/udp   #Ricardo North America License Manager
 xdsxdm		6558/tcp	
 xdsxdm		6558/udp	
+natd            6668/divert #Network Address Translation
 acmsoda		6969/tcp
 acmsoda		6969/udp
 afs3-fileserver 7000/tcp   #file server itself
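Review bot: the new natd line separates name and port with spaces, while most neighbouring entries (xdsxdm, acmsoda) use tabs; use tabs so the file stays uniformly formatted. Because the rc.firewall hunk refers to the port by this name (divert natd), the commit message should say that etc/services and etc/rc.firewall have to be updated together.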

>Release-Note:
>Audit-Trail:

From: Chris Dillon <cdillon@wolves.k12.mo.us>
To: FreeBSD-gnats-submit@FreeBSD.ORG
Cc:
Subject: Re: conf/6339: Add natd support to rc's, fix natd manpage
Date: Fri, 17 Apr 1998 20:50:22 -0500 (CDT)

 Oops.  Left the diff to fix the manpage out of that.
 
 
 Index: natd.8
 ===================================================================
 RCS file: /devel/ncvs/src/usr.sbin/natd/natd.8,v
 retrieving revision 1.4.2.7
 diff -u -r1.4.2.7 natd.8
 --- natd.8      1998/02/20 15:42:05     1.4.2.7
 +++ natd.8      1998/04/18 00:58:32
 @@ -15,7 +15,7 @@
  .Op Fl o Ar outport
  .Op Fl p Ar port
  .Op Fl a Ar address
 -.Op Fl i Ar interface
 +.Op Fl n Ar interface
  .Op Fl f Ar configfile
  
  .Nm
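Review bot: only the synopsis line changes from -i to -n here, and the option list further down natd.8 is outside this hunk, so check that the flag is described there as -n as well, otherwise synopsis and description will disagree again. The new spelling matches the natd ${natd_flags} -n ${natd_interface} invocation added to rc.network.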
 
 
Responsible-Changed-From-To: freebsd-bugs->brian 
Responsible-Changed-By: brian 
Responsible-Changed-When: Sat Apr 18 03:04:01 PDT 1998 
Responsible-Changed-Why:  
I'll do the commit 
State-Changed-From-To: open->closed 
State-Changed-By: brian 
State-Changed-When: Sat Apr 18 03:27:52 PDT 1998 
State-Changed-Why:  
Patches submitted along with an update to rc.conf.5 
>Unformatted:
