5.0-RC3 /etc/rc.d/ipfw natd start-up script bug -- was: 5.0-RC1 /etc/rc.d/ipfw script and NAT

2003-01-13 Thread Aaron D. Gifford
Is there any chance of getting the fix suggested in PR-47024 in 5.0 
before release?  Looks like a similar script bug with natd start-up was 
fixed in 4.x-STABLE back in Feb. of 2002 -- See the CVS logs for 
/etc/rc.network, in particular, cjc's log entries for revision 1.124 
(MAIN) and revision 1.74.2.31 (RELENG_4) where this very same bug was 
addressed and fixed in rc.network.

Thanks!

Aaron out.


To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message


5.0-RC1 /etc/rc.d/ipfw script and NAT

2002-12-17 Thread Aaron D. Gifford
Hi,

There's trouble in the /etc/rc.d/ipfw script in how it changes things 
versus the 4.7 /etc/rc.network script when it comes to NAT in certain 
configurations.

For example, on my home gateway box, rc.conf contains:

  # Network address translation:
  natd_enable="YES"
  natd_interface=""
  natd_flags="-f /etc/natd.conf"

Notice that I deliberately do NOT list any interfaces because I am using 
an explicit configuration file (the "-f /etc/natd.conf" flags).  Under 
4.7-STABLE, the natd daemon will be started appropriately even though 
the natd_interface variable is empty, so long as natd_enable is "YES" 
and so long as I am smart enough to have some sort of configuration 
available to natd.

Under 5.0-RC1, /etc/rc.d/ipfw makes a 2-line change, moving the lines 
that actually start the natd daemon up inside of an if statement.  This 
means folks like myself who use an explicit configuration file (i.e. I 
don't run natd on any one specific interface - I run it inbound on one 
interface, outbound on another using a custom ipfw ruleset and natd 
configuration file) cannot have natd auto-start without changing 
/etc/rc.d/ipfw or starting it by hand somewhere else.

May I request that the two lines in /etc/rc.d/ipfw that start natd be 
moved down a few lines outside of the enclosing "if" block so that the 
functionality many of us -STABLE users are accustomed to may be 
returned?  If not, can anyone shed some light on why it's a bad idea and 
offer any suggestions to me?  (I like to make as few changes to my BSD 
box as possible to have it run how I want it to.)

Thanks!

Aaron out.

- NATD section of /etc/rc.d/ipfw as I would like to see it -
  # Network Address Translation daemon
  #
  if checkyesno natd_enable; then
    if [ -n "${natd_interface}" ]; then
      if echo ${natd_interface} | \
        grep -q -E '^[0-9]+(\.[0-9]+){0,3}$'; then
        natd_flags="$natd_flags -a ${natd_interface}"
      else
        natd_flags="$natd_flags -n ${natd_interface}"
      fi
    fi
    echo -n ' natd'
    ${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg}
  fi



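The behaviour difference described in the message above, modelled as an added example that is not part of the original post or of the FreeBSD script. The function names, the simplified `checkyesno` stand-in, and the sample values are assumptions; `natd_ifarg` is left out, and each function prints the command line it would run instead of starting natd.

```shell
#!/bin/sh
# Added example: models the natd start-up logic discussed in this thread.
# Nothing is executed; each function prints the command line it would run.

# Simplified stand-in for rc.subr's checkyesno (assumption: only YES matters here).
checkyesno() {
    eval "_val=\${$1}"
    case "$_val" in
        [Yy][Ee][Ss]) return 0 ;;
        *) return 1 ;;
    esac
}

# Appends -a (IP address) or -n (interface name) to natd_flags, as in the script.
add_interface_flag() {
    if echo "${natd_interface}" | grep -q -E '^[0-9]+(\.[0-9]+){0,3}$'; then
        natd_flags="$natd_flags -a ${natd_interface}"
    else
        natd_flags="$natd_flags -n ${natd_interface}"
    fi
}

# 5.0-RC1 behaviour as described in the post: start lines inside the interface test.
natd_cmd_rc1() {
    natd_enable=$1 natd_interface=$2 natd_flags=$3
    if checkyesno natd_enable; then
        if [ -n "${natd_interface}" ]; then
            add_interface_flag
            echo "${natd_program:-/sbin/natd} ${natd_flags}"
        fi
    fi
}

# Requested behaviour: start lines moved outside the interface test.
natd_cmd_proposed() {
    natd_enable=$1 natd_interface=$2 natd_flags=$3
    if checkyesno natd_enable; then
        if [ -n "${natd_interface}" ]; then
            add_interface_flag
        fi
        echo "${natd_program:-/sbin/natd} ${natd_flags}"
    fi
}

# Constructed sample: the rc.conf values quoted in the post (empty natd_interface).
echo "5.0-RC1:  [$(natd_cmd_rc1 YES '' '-f /etc/natd.conf')]"
echo "proposed: [$(natd_cmd_proposed YES '' '-f /etc/natd.conf')]"
```

With the poster's settings the first line prints empty brackets, meaning natd is silently skipped while any ipfw divert rules in the ruleset are still loaded and have no daemon listening behind them.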