Subject: kern/16615: ipnat -l can output rules that cannot be fed back to itself
To: None <gnats-bugs@gnats.netbsd.org>
From: None <svs@ropnet.ru>
List: netbsd-bugs
Date: 05/02/2002 08:55:37
>Number:         16615
>Category:       kern
>Synopsis:       ipnat -l can output rules that cannot be fed back to itself
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu May 02 08:56:01 PDT 2002
>Closed-Date:
>Last-Modified:
>Originator:     Sergey Svishchev
>Release:        1.5ZC
>Organization:
>Environment:
>Description:
/etc/ipnat.conf:
map ppp0 10.0.0.0/8 -> 62.118.132.140/32 portmap tcp/udp auto

List of active MAP/Redirect filters:
map ppp0 10.0.0.0/8  -> 62.118.132.140/32  portmap auto

>How-To-Repeat:
Try to remove NAT rules on-the-fly with "ipnat -l | fgrep portmap | ipnat -r -f -".  See ipnat complain about a syntax error.

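The round-trip failure above can be reproduced without a kernel by modelling the two print layouts side by side and feeding each result to a checker that accepts the `portmap <proto> auto` / `portmap <proto> lo:hi` forms shown in the report. This is an added example, not ipfilter's printnat.c or any NetBSD code; the IPN_* flag values, the `nat_rule` struct, and the function names are placeholders chosen for the demonstration.

```c
#include <stdio.h>
#include <string.h>

/*
 * Flag values below are placeholders chosen for this example; they are
 * not the real IPN_* constants from ipfilter's ip_nat.h.
 */
#define IPN_TCP         0x0001
#define IPN_UDP         0x0002
#define IPN_TCPUDP      (IPN_TCP | IPN_UDP)
#define IPN_AUTOPORTMAP 0x0004

/* Subset of the rule fields printnat.c consults; ports kept in host order. */
struct nat_rule {
    unsigned flags;
    unsigned short pmin;
    unsigned short pmax;
};

static const char *proto_word(unsigned flags)
{
    if ((flags & IPN_TCPUDP) == IPN_TCPUDP)
        return " tcp/udp";
    if (flags & IPN_TCP)
        return " tcp";
    if (flags & IPN_UDP)
        return " udp";
    return "";
}

/* Pre-patch layout: the protocol keyword only appears on the range branch. */
int format_portmap_old(const struct nat_rule *r, char *buf, size_t len)
{
    if (r->flags & IPN_AUTOPORTMAP)
        return snprintf(buf, len, "portmap auto");
    return snprintf(buf, len, "portmap%s %u:%u", proto_word(r->flags),
                    r->pmin, r->pmax);
}

/* Patched layout: the protocol keyword precedes the auto/range choice. */
int format_portmap_new(const struct nat_rule *r, char *buf, size_t len)
{
    if (r->flags & IPN_AUTOPORTMAP)
        return snprintf(buf, len, "portmap%s auto", proto_word(r->flags));
    return snprintf(buf, len, "portmap%s %u:%u", proto_word(r->flags),
                    r->pmin, r->pmax);
}

/*
 * Acceptance check modelled on the ipnat.conf syntax in the report:
 * "portmap" must be followed by tcp, udp or tcp/udp, then either "auto"
 * or a lo:hi port range. Returns 1 if the clause is well formed.
 */
int portmap_clause_parses(const char *s)
{
    char proto[16], rest[32];
    unsigned lo, hi;

    if (sscanf(s, "portmap %15s %31s", proto, rest) != 2)
        return 0;
    if (strcmp(proto, "tcp") != 0 && strcmp(proto, "udp") != 0 &&
        strcmp(proto, "tcp/udp") != 0)
        return 0;
    if (strcmp(rest, "auto") == 0)
        return 1;
    return sscanf(rest, "%u:%u", &lo, &hi) == 2 && lo <= hi && hi <= 65535;
}

/* Round trip: format with one layout, then check whether the result parses. */
int roundtrip_ok(unsigned flags, unsigned short pmin, unsigned short pmax,
                 int use_patched)
{
    struct nat_rule r = { flags, pmin, pmax };
    char buf[64];

    if (use_patched)
        format_portmap_new(&r, buf, sizeof buf);
    else
        format_portmap_old(&r, buf, sizeof buf);
    return portmap_clause_parses(buf);
}

int main(void)
{
    /* Constructed cases; the first is the rule from the report. */
    static const struct { unsigned flags; unsigned short lo, hi; } cases[] = {
        { IPN_TCPUDP | IPN_AUTOPORTMAP, 0, 0 },
        { IPN_TCP | IPN_AUTOPORTMAP, 0, 0 },
        { IPN_UDP, 10000, 20000 },
    };
    size_t i;

    for (i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("flags=0x%x old=%d new=%d\n", cases[i].flags,
               roundtrip_ok(cases[i].flags, cases[i].lo, cases[i].hi, 0),
               roundtrip_ok(cases[i].flags, cases[i].lo, cases[i].hi, 1));
    return 0;
}
```

Only the `auto` rules differ between the two layouts; explicit-range rules already carried the keyword, which is why the pipeline in How-To-Repeat only trips on `portmap ... auto` lines.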
>Fix:
Index: dist/ipf/printnat.c
--- printnat.c	2002/03/14 21:47:20	1.4
+++ printnat.c	2002/04/29 22:17:35
@@ -433,6 +433,12 @@
 				printf("\n\tip modulous %d", np->in_pmax);
 		} else if (np->in_pmin || np->in_pmax) {
 			printf(" portmap");
+			if ((np->in_flags & IPN_TCPUDP) == IPN_TCPUDP)
+				printf(" tcp/udp");
+			else if (np->in_flags & IPN_TCP)
+				printf(" tcp");
+			else if (np->in_flags & IPN_UDP)
+				printf(" udp");
 			if (np->in_flags & IPN_AUTOPORTMAP) {
 				printf(" auto");
 				if (opts & OPT_DEBUG)
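Review bot: a rule that reaches this branch with neither IPN_TCP nor IPN_UDP set still prints a bare `portmap auto`, the same form the report says `ipnat -f` rejects; worth confirming the parser never builds a portmap rule without one of those flags, or else emit a default keyword before ` auto`. Otherwise the new placement matches the `portmap tcp/udp auto` order of the ipnat.conf line in the description.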
@@ -441,12 +447,6 @@
 					       ntohs(np->in_pmax),
 					       np->in_ippip, np->in_ppip);
 			} else {
-				if ((np->in_flags & IPN_TCPUDP) == IPN_TCPUDP)
-					printf(" tcp/udp");
-				else if (np->in_flags & IPN_TCP)
-					printf(" tcp");
-				else if (np->in_flags & IPN_UDP)
-					printf(" udp");
 				printf(" %d:%d", ntohs(np->in_pmin),
 				       ntohs(np->in_pmax));
 			}
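Review bot: the `%d:%d` format for the two `ntohs()` results is a pre-existing mismatch (they are unsigned shorts) that could be changed to `%u:%u` while this else branch is being touched. Since this hunk only strips the keyword lines that hunk 1 moved, the How-To-Repeat pipeline should also be rerun against an explicit-range rule, not just the `auto` one, to confirm the `lo:hi` output is unchanged.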

>Release-Note:
>Audit-Trail:
>Unformatted: