Patch-ID# 102891-02
Keywords: address firewall memory leak hang lock lockup router permissions
Synopsis: Solstice FireWall-1 1.2.1: Network Address Translation patch for i386
Date: Nov/15/95

Solaris Release: 2.4, 2.5

SunOS Release: 5.4, 5.5

Unbundled Product: Solstice FireWall-1

Unbundled Release: 1.2.1

Relevant Architectures: i386

BugId's fixed with this patch: 1212746 1195829 1201649 1223318 1223316 1201809 1225213

Changes incorporated in this version:

Patches accumulated and obsoleted by this patch:

Patches which conflict with this patch:

Patches required with this patch:

Obsoleted by:

Files included with this patch:

fw
fwciscoput
fwconfig
fwui
fwmod.5.4.o
fwui_head.def
fwxlate.ps
fwxlate.txt
fwxlconf
wellfleet.mib
xlate.conf

Problem Description:

This patch enhances the Solstice FireWall-1 1.2.1 release to include NAT, or
Network Address Translation functionality.

The previous -01 NAT patch had a few bugs, which are now fixed:

  . DST rule used with host on directly attached Token Ring network caused
    panic
  . Log viewer colors not working

Also, several known bugs in the Solstice FireWall-1 1.2.1 FCS release are
fixed:

  . Kernel module memory leak when rejecting non-TCP traffic
  . Lockups when loading filter module during heavy swapping on gateway
  . Cisco 10.x IOS timeouts during ACL download to router
  . (Solaris 2.x only) Wellfleet router SNMP operations disabled
  . Permanent files (in none class) being writable by group when group
    permissions used
  . External network interface designator not being configured
  . Licensing problem when trying to load ruleset on a remote gateway,
    while the control station is running with 'control' as a single
    license option
  . (SunOS 4 only) Kernel module group permissions unconditionally set
    to 0600

Patch Installation Instructions:
--------------------------------
Generic 'installpatch' and 'backoutpatch' scripts are provided within
each patch package with instructions appended to this section.
Other specific or unique installation instructions may also be necessary
and should be described below.

Special Install Instructions:
-----------------------------

1. Shut down the firewall.
   Type: '/etc/fw/bin/fwstop'

2. Remove the driver.
   Type: 'rem_drv fw'

3. Use the 'Instructions to install patch using "installpatch"' to
   install the patch, then return to step 4 of "Special Install
   Instructions".
   (Please note the '-u' option for the installpatch script. Failing
   to use -u will result in fatal errors.)

4. Re-install the license.
   Type: '/etc/fw/bin/fw putlic '

5. Re-install the driver.
   Type: 'add_drv fw'

6. Re-start the firewall.
   Type: '/etc/fw/bin/fwstart'

Special Backout Instructions:
-----------------------------

1. Shut down the firewall.
   Type: '/etc/fw/bin/fwstop'

2. Remove the driver.
   Type: 'rem_drv fw'

3. Use the 'Instructions for backing out a patch using "backoutpatch"'
   and resume at step 4 of "Special Backout Instructions".

4. Re-install the driver.
   Type: 'add_drv fw'

5. Re-start the firewall.
   Type: '/etc/fw/bin/fwstart'