Bug 148137

Summary: [ipfw] call order of natd and ipfw startup scripts
Product: Base System
Reporter: Vitezslav Novy <vnovy>
Component: conf
Assignee: freebsd-bugs (Nobody) <bugs>
Status: Open
Severity: Affects Only Me    
Priority: Normal    
Version: 8.1-PRERELEASE   
Hardware: Any   
OS: Any   
Attachments:
Description Flags
148137.diff none

Description Vitezslav Novy 2010-06-25 11:30:01 UTC
From 8.0-RELEASE, the ipfw startup script doesn't call the natd startup script.
Also, there is no information about the call order of the ipfw and natd startup
scripts. On my system ipfw is called before natd. If the ipdivert module is
not loaded using loader.conf, natd loads it, but ipfw, running before it, fails
to install divert rules.

Fix: 

Define right order (natd, ipfw) of startup scripts
or
load ipdivert module in ipfw startup script if natd_enable="YES"

How-To-Repeat: Configure "open" type ipfw with userland natd and do not configure loading
of ipdivert in loader.conf. Use GENERIC kernel (without ipfw compiled in).
After reboot divert rules are not installed.
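
An offline audit for the configuration in How-To-Repeat, as an added example that is not part of the original report or of FreeBSD's rc scripts: it reads an rc.conf and a loader.conf and flags hosts where the divert rules depend on natd having loaded ipdivert before ipfw runs. The function names, verdict strings and sample files are assumptions, and a kernel with divert support compiled in is not detected.

```shell
#!/bin/sh
# Added example, not FreeBSD's own rc code. Assumes a GENERIC kernel, so
# divert support exists only once the ipdivert module has been loaded.

# conf_get FILE VAR: print the last value assigned to VAR in FILE.
# rc.conf and loader.conf are read top to bottom, so later lines win.
conf_get() {
    sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([^\"'#[:space:]]*\).*/\1/p" "$1" 2>/dev/null |
        tail -n 1
}

# is_yes VALUE: same truthy spellings rc.subr's checkyesno accepts.
is_yes() {
    case "$1" in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;;
        *) return 1 ;;
    esac
}

# divert_boot_risk RC_CONF LOADER_CONF
# Prints a verdict; returns 1 only when ipfw and natd are both enabled and
# nothing loads ipdivert before the startup scripts run.
divert_boot_risk() {
    rc=$1
    loader=$2
    if ! is_yes "$(conf_get "$rc" firewall_enable)" ||
       ! is_yes "$(conf_get "$rc" natd_enable)"; then
        echo "not-applicable"
        return 0
    fi
    if is_yes "$(conf_get "$loader" ipdivert_load)"; then
        echo "ok-preloaded"
        return 0
    fi
    echo "at-risk"   # divert rules install only if natd runs before ipfw
    return 1
}

# Constructed sample files matching the How-To-Repeat setup.
tmp=$(mktemp -d)
printf '%s\n' 'firewall_enable="YES"' 'firewall_type="open"' \
    'natd_enable="YES"' > "$tmp/rc.conf"
: > "$tmp/loader.conf"
divert_boot_risk "$tmp/rc.conf" "$tmp/loader.conf" || :
rm -rf "$tmp"
```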
Comment 1 Mark Linimon freebsd_committer freebsd_triage 2010-06-27 05:16:16 UTC
Responsible Changed
From-To: freebsd-bugs->freebsd-rc

I don't know if this is an issue more for the rc folks or for the ipfw folks.
Comment 2 Doug Barton freebsd_committer 2010-06-27 05:43:52 UTC
Responsible Changed
From-To: freebsd-rc->freebsd-ipfw


I vote the latter. :)
Comment 3 candy-sendpr 2010-07-14 02:41:57 UTC
Fix:
Just copy 8.0-RELEASE version /etc/rc.d/ipfw script to your 8.1 box :-)


It seems to be a bug in /etc/rc.d/ipfw 1.21.2.2.

<URL:http://www.jp.freebsd.org/cgi/cvsweb.cgi/src/etc/rc.d/ipfw.diff?r1=text&tr1=1.21&r2=text&tr2=1.21.2.2>

It moved `/etc/rc.d/natd quietstart' sequence
from ipfw_start() to ipfw_poststart().

Natd(8) must be started before ipfw(8) rules are processed.
It should be in ipfw_prestart() or ipfw_start().


> From 8.0-RELEASE, the ipfw startup script doesn't call the natd startup script.
> Also, there is no information about the call order of the ipfw and natd startup
> scripts. On my system ipfw is called before natd. If the ipdivert module is
> not loaded using loader.conf, natd loads it, but ipfw, running before it, fails
> to install divert rules.

KANDA Toshihiro <candy-sendpr@kgc.co.jp>
Comment 4 Ceri Davies 2010-12-22 22:48:39 UTC
This still seems to be a problem in 7.4-PRERELEASE too; the attached
patch seems to fix it here.

Ceri
Comment 5 Hiroki Sato freebsd_committer 2011-01-15 16:15:20 UTC
Responsible Changed
From-To: freebsd-ipfw->hrs

I'll take this.
Comment 6 Eitan Adler freebsd_committer freebsd_triage 2017-12-31 08:00:26 UTC
For bugs matching the following criteria:

Status: In Progress Changed: (is less than) 2014-06-01

Reset to default assignee and clear in-progress tags.

Mail being skipped