| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Multiple PPTP clients behind NAT to the same or different servers.
- Single PPTP server behind NAT -- you just need to redirect TCP
port 1723 to a local machine. Multiple servers behind NAT is
possible but would require a simple API change.
- No API changes!
For more information on how this works see comments at the start of
the alias_pptp.c.
PacketAliasPptp() is no longer necessary and will be removed soon.
Submitted by: Erik Salander <erik@whistle.com>
Reviewed by: ru
Rewritten by: ru
Reviewed by: Erik Salander <erik@whistle.com>
Notes:
svn path=/head/; revision=61861
|
| |
|
|
|
|
|
|
|
|
| |
to PPTP) with more generic PacketAliasRedirectProto().
Major number is not bumped because it is believed that noone
has started using PacketAliasRedirectPptp() yet.
Notes:
svn path=/head/; revision=59726
|
| |
|
|
|
|
|
|
|
|
| |
- new API function: PacketAliasRedirectPptp()
- new mode bit: PKT_ALIAS_DENY_PPTP
Please see manual page for details.
Notes:
svn path=/head/; revision=59356
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Minor spelling fixes.
- Make IcmpAliasOut2() really work.
Before this change:
# natd -v -n PUB_IFACE -p 12345 -redirect_address 192.168.1.1 P.P.P.P
natd[87923]: Aliasing to A.A.A.A, mtu 1500 bytes
In [UDP] [UDP] X.X.X.X:49562 -> P.P.P.P:50000 aliased to
[UDP] X.X.X.X:49562 -> 192.168.1.1:50000
Out [ICMP] [ICMP] 192.168.1.1 -> X.X.X.X 3(3) aliased to
[ICMP] A.A.A.A -> X.X.X.X 3(3)
# tcpdump -n -t -i PUB_IFACE host X.X.X.X and "(udp or icmp)"
tcpdump: listening on PUB_IFACE
X.X.X.X.49562 > P.P.P.P.50000: udp 3
A.A.A.A > X.X.X.X: icmp: A.A.A.A udp port 50000 unreachable
After this change:
# natd -v -n PUB_IFACE -p 12345 -redirect_address 192.168.1.1 P.P.P.P
natd[89360]: Aliasing to A.A.A.A, mtu 1500 bytes
In [UDP] [UDP] X.X.X.X:49563 -> P.P.P.P:50000 aliased to
[UDP] X.X.X.X:49563 -> 192.168.1.1:50000
Out [ICMP] [ICMP] 192.168.1.1 -> X.X.X.X 3(3) aliased to
[ICMP] P.P.P.P -> X.X.X.X 3(3)
# tcpdump -n -t -i PUB_IFACE host X.X.X.X and "(udp or icmp)"
tcpdump: listening on PUB_IFACE
X.X.X.X.49563 > P.P.P.P.50000: udp 3
P.P.P.P > X.X.X.X: icmp: P.P.P.P udp port 50000 unreachable
Notes:
svn path=/head/; revision=59047
|
| |
|
|
|
|
|
|
|
| |
Requested by: eivind
Discussed with: eivind
Reviewed by: brian, eivind
Notes:
svn path=/head/; revision=51125
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In the words of originator:
:If an incoming connection is initiated through natd and deny_incoming is
:not set, then a new alias_link structure is created to handle the link.
:If there is nothing listening for the incoming connection, then the kernel
:responds with a RST for the connection. However, this is not processed
:correctly in libalias/alias.c:TcpMonitor{In,Out} and
:libalias/alias_db.c:SetState{In,Out} as it thinks a connection
:has been established and therefore applies a timeout of 86400 seconds
:to the link.
:
:If many of these half-connections are initiated (during, for example, a
:port scan of the host), then many thousands of unnecessary links are
:created and the resident size of natd balloons to 20MB or more.
PR: 13639
Reviewed by: brian
Notes:
svn path=/head/; revision=51107
|
| |
|
|
|
|
|
| |
Approved by: brian (well, he approved adding $Id$)
Notes:
svn path=/head/; revision=50597
|
| |
|
|
|
|
|
|
|
| |
product and Windows NT tunneling.
Submitted by: Chain Lee <chain@nortelnetworks.com>
Notes:
svn path=/head/; revision=50194
|
| |
|
|
|
|
|
|
|
|
|
| |
is set.
Document PKT_ALIAS_REVERSE.
Pointed out by: Jonathan Hanna <jh@cr1003333-a.crdva1.bc.home.com>
PR: 12304
Notes:
svn path=/head/; revision=48102
|
| |
|
|
|
|
|
| |
Reviewed by: eivind
Notes:
svn path=/head/; revision=44979
|
| |
|
|
|
|
|
|
|
|
|
| |
- Transparent proxying support added.
- PPTP redirecting support added based on patches
contributed by Dru Nelson <dnelson@redwoodsoft.com>.
Submitted by: Charles Mott <cmott@srv.net>
Notes:
svn path=/head/; revision=44307
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Add bounds checking to netbios NS packet resolving code. This should
prevent natd from crashing on badly formed netbios packets (as might be
heard when the machine is sitting on a cable modem or certain DSL
networks), and also closes potential security holes that might have
exploited the lack of bounds checking in the previous version of the
code.
Notes:
svn path=/head/; revision=41759
|
| |
|
|
|
|
|
|
| |
could I find anyone to test it, so please report any
problems to me.
Notes:
svn path=/head/; revision=37131
|
| |
|
|
| |
Notes:
svn path=/head/; revision=36834
|
| |
|
|
|
|
|
|
|
|
| |
DOMAIN as DOMAIN user through NAT function. See also RFC1002 for
futher detail of SMB structure.
Submitted by: Atsushi Murai <amurai@spec.co.jp>
Notes:
svn path=/head/; revision=36321
|
| |
|
|
|
|
|
|
|
| |
(and those of us that don't want the functionality).
o Don't assume sizeof(long) == 4.
Ok'd by: Charles Mott <cmott@srv.net>
Notes:
svn path=/head/; revision=35314
|
| |
|
|
|
|
|
|
| |
Obtained from: Yes development tree (+ 10 lines of patches from
Charles Mott, original libalias author)
Notes:
svn path=/head/; revision=32377
|
| |
|
|
|
|
|
|
|
|
| |
Submitted by: Charles Mott <cmott@srv.net>
Add __libalias_version so that ppp can derive the
correct library name for dlopen()
Notes:
svn path=/head/; revision=29162
|
| |
|
|
|
|
|
|
|
| |
functions should now be used. The old 2.1 stuff is
there for backwards compatability.
Submitted by: Charles Mott <cmott@snake.srv.net>
Notes:
svn path=/head/; revision=27864
|
|
|
ppp (or will be shortly). Natd can now be updated to use
this library rather than carrying its own version of the code.
Submitted by: Charles Mott <cmott@srv.net>
Notes:
svn path=/cvs2svn/branches/CMOTT/; revision=26026
|
