Subject: bin/3549: ipnat has silent modes of failure
To: None <>
From: None <>
List: netbsd-bugs
Date: 04/27/1997 17:57:55
>Number:         3549
>Category:       bin
>Synopsis:       ipnat fails without the user having a chance to see if/why
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    bin-bug-people (Utility Bug People)
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Sun Apr 27 09:20:10 1997
>Originator:     Martin Husemann
>Release:        current as of Apr 22

System: NetBSD 1.2D NetBSD 1.2D (RUMOLT) #0: Sun Apr 27 19:36:03 MEST 1997 i386


ipnat can only work if 
 (1) there is an "options PFIL_HOOKS" in the kernel config file and
 (2) ipf is enabled (via "ipf -E")

Neither condition is stated in the man page. Failing either of them is
not reported by ipnat. The docs only mention ipf with these, not ipnat.


Configure ipnat in a system without options PFIL_HOOKS in the kernel
config file. Notice your error, add it, see ipnat still fail until you
add "ipf -E" to your netstart.local.


Several possible: (1) at least document the requirements for ipnat.
Better: (2) add an ioctl to check for PFIL_HOOKS at runtime. Let ipnat
output appropriate diagnostics if this ioctl fails. Let it output diagnostics
if ipf is disabled as well!
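
Added example, not part of the PR or of ipnat itself: a preflight check that reports each of the two unmet requirements described above instead of failing silently. It assumes the kernel config file passed in is the one the running kernel was built from, and that `ipf -V` prints a "Running: yes|no" status line; the function names and sample files are hypothetical and the sample inputs are constructed.

```sh
#!/bin/sh
# Added example (not from the PR): report why ipnat would silently do nothing.
# Assumptions: the given kernel config file is the one the running kernel was
# built from, and `ipf -V` prints a "Running: yes|no" status line.

# Succeeds if CONFIG has an uncommented "options PFIL_HOOKS" line.
has_pfil_hooks() {
    grep -Eq '^[[:space:]]*options[[:space:]]+PFIL_HOOKS([[:space:]]|#|$)' "$1"
}

# Succeeds if the `ipf -V` output saved in FILE reports the filter as enabled.
ipf_running() {
    grep -Eq '^Running:[[:space:]]*yes' "$1"
}

# ipnat_preflight CONFIG IPF_V_FILE: prints one diagnostic per unmet
# requirement on stderr; returns 0 only if both requirements hold.
ipnat_preflight() {
    rc=0
    has_pfil_hooks "$1" || { echo "ipnat: kernel config $1 lacks 'options PFIL_HOOKS'" >&2; rc=1; }
    ipf_running "$2" || { echo "ipnat: ipf is disabled, enable it with 'ipf -E'" >&2; rc=1; }
    return "$rc"
}

# Constructed sample inputs (not captured from a real system).
demo_dir=$(mktemp -d)
printf 'options INET\n#options PFIL_HOOKS\n' > "$demo_dir/conf.bad"
printf 'options INET\noptions \tPFIL_HOOKS\t# packet filter hooks\n' > "$demo_dir/conf.good"
printf 'Running: no\n' > "$demo_dir/ipf.off"
printf 'Running: yes\n' > "$demo_dir/ipf.on"

ipnat_preflight "$demo_dir/conf.bad" "$demo_dir/ipf.off" || echo "preflight failed"
ipnat_preflight "$demo_dir/conf.good" "$demo_dir/ipf.on" && echo "preflight ok"
```

On a live system the second argument would be a file holding the saved output of `ipf -V`, and `ipnat` would be run only when the preflight returns 0.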