Subject: bin/3549: ipnat has silent modes of failure
To: None <email@example.com>
From: None <firstname.lastname@example.org>
Date: 04/27/1997 17:57:55
>Synopsis: ipnat fails without the user having a chance to see if/why
>Responsible: bin-bug-people (Utility Bug People)
>Arrival-Date: Sun Apr 27 09:20:10 1997
>Originator: Martin Husemann
>Release: current as of Apr 22
System: NetBSD rumolt.teuto.de 1.2D NetBSD 1.2D (RUMOLT) #0: Sun Apr 27 19:36:03 MEST 1997 email@example.com:/usr/src/sys-local/arch/i386/compile/RUMOLT i386
ipnat can only work if
(1) there is an "options PFIL_HOOKS" in the kernel config file and
(2) ipf is enabled (via "ipf -E")
Both conditions are not stated in the man page. Failing any of this is
not reported by ipnat. The docs only mentions ipf with these, not ipnat.
Configure ipnat in a system without options PFIL_HOOKS in the kernel
config file. Notice your error, add it, see ipnat still fail until you
add "ipf -E" to your netstart.local.
Several possible: (1) at least document the requirements for ipnat.
Better: (2) add an ioctl to check for PFIL_HOOKS at runtime. Let ipnat
output appropriate diagnostics if this ioctl fails. Let it output diagnostics
if ipf is disabled as well!