Subject: bin/3549: ipnat has silent modes of failure
To: gnats-bugs@gnats.netbsd.org
From: martin@rumolt.teuto.de
List: netbsd-bugs
Date: 04/27/1997 17:57:55
>Number: 3549
>Category: bin
>Synopsis: ipnat fails without the user having a chance to see if/why
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: bin-bug-people (Utility Bug People)
>State: open
>Class: change-request
>Submitter-Id: net
>Arrival-Date: Sun Apr 27 09:20:10 1997
>Last-Modified:
>Originator: Martin Husemann
>Organization:
private
>Release: current as of Apr 22
>Environment:
System: NetBSD rumolt.teuto.de 1.2D NetBSD 1.2D (RUMOLT) #0: Sun Apr 27 19:36:03 MEST 1997 root@hwart.teuto.de:/usr/src/sys-local/arch/i386/compile/RUMOLT i386
>Description:
ipnat can only work if
(1) there is an "options PFIL_HOOKS" in the kernel config file and
(2) ipf is enabled (via "ipf -E")
Neither condition is stated in the man page. Failing either of these is
not reported by ipnat. The docs only mention ipf with these, not ipnat.
>How-To-Repeat:
Configure ipnat in a system without options PFIL_HOOKS in the kernel
config file. Notice your error, add it, see ipnat still fail until you
add "ipf -E" to your netstart.local.
>Fix:
Several possible: (1) at least document the requirements for ipnat.
Better: (2) add an ioctl to check for PFIL_HOOKS at runtime. Let ipnat
output appropriate diagnostics if this ioctl fails. Let it output diagnostics
if ipf is disabled as well!
>Audit-Trail:
>Unformatted: