| Commit message | Author | Age | Files | Lines |
- ipfw always rejected rule with `neither in nor out' diagnostics.
- number of src/dst ports was not set properly.
Notes:
svn path=/head/; revision=62159
|
- SHLIB_MAJOR++.
Notes:
svn path=/head/; revision=61865
|
- Multiple PPTP clients behind NAT to the same or different servers.
- Single PPTP server behind NAT -- you just need to redirect TCP
port 1723 to a local machine. Multiple servers behind NAT is
possible but would require a simple API change.
- No API changes!
For more information on how this works see comments at the start of
the alias_pptp.c.
PacketAliasPptp() is no longer necessary and will be removed soon.
Submitted by: Erik Salander <erik@whistle.com>
Reviewed by: ru
Rewritten by: ru
Reviewed by: Erik Salander <erik@whistle.com>
Notes:
svn path=/head/; revision=61861
|
It does mean that it is now possible to run passive-mode FTP
server behind NAT.
- SECURITY: FTP aliasing engine now ensures that:
o the segment preceding a PORT/227 segment terminates with a \r\n;
o the IP address in the PORT/227 matches the source IP address of
the packet;
o the port number in the PORT command or 277 reply is greater than
or equal to 1024.
Submitted by: Erik Salander <erik@whistle.com>
Reviewed by: ru
Notes:
svn path=/head/; revision=61677
|
that they (once again) go to the target machine rather than
the alias address.
PR: 18354
Submitted by: ru
Notes:
svn path=/head/; revision=60363
|
to PPTP) with more generic PacketAliasRedirectProto().
Major number is not bumped because it is believed that no one
has started using PacketAliasRedirectPptp() yet.
Notes:
svn path=/head/; revision=59726
|
LSNAT links are first created by either PacketAliasRedirectPort() or
PacketAliasRedirectAddress() and then set up by one or more calls to
PacketAliasAddServer().
Notes:
svn path=/head/; revision=59702
|
- new API function: PacketAliasRedirectPptp()
- new mode bit: PKT_ALIAS_DENY_PPTP
Please see manual page for details.
Notes:
svn path=/head/; revision=59356
|
connections, after SYN packets were seen from both ends. Before this,
it would get applied right after the first SYN packet was seen (either
from client or server). With broken TCP connection attempts, when the
remote end does not respond with SYNACK nor with RST, this resulted in
having a useless (ie, no actual TCP connection associated with it) TCP
link with 86400 seconds TTL, wasting system memory. With high rate of
such broken connection attempts (for example, remote end simply blocks
these connection attempts with ipfw(8) without sending RST back), this
could result in a denial-of-service.
PR: bin/17963
Notes:
svn path=/head/; revision=59237
|
but with `dst_port' work for outgoing packets.
This case was not handled properly when I first fixed this
in revision 1.17.
This change is also required for the upcoming improved PPTP
support patches -- that is how I found the problem.
Before this change:
# natd -v -a aliasIP \
-redirect_port tcp localIP:localPORT publicIP:publicPORT 0:remotePORT
Out [TCP] [TCP] localIP:localPORT -> remoteIP:remotePORT aliased to
[TCP] aliasIP:localPORT -> remoteIP:remotePORT
After this change:
# natd -v -a aliasIP \
-redirect_port tcp localIP:localPORT publicIP:publicPORT 0:remotePORT
Out [TCP] [TCP] localIP:localPORT -> remoteIP:remotePORT aliased to
[TCP] publicIP:publicPORT -> remoteIP:remotePORT
Notes:
svn path=/head/; revision=59181
|
INADDR_NONE: Incoming packets go to the alias address (the default)
INADDR_ANY: Incoming packets are not NAT'd (direct access to the
internal network from outside)
anything else: Incoming packets go to the specified address
Change a few inaddr::s_addr == 0 to inaddr::s_addr == INADDR_ANY
while I'm there.
Notes:
svn path=/head/; revision=58877
|
redirected and when no target address has been specified, NAT
the destination address to the alias address rather than
allowing people direct access to your internal network from
outside.
Notes:
svn path=/head/; revision=58866
|
NO_FW_PUNCH isn't defined.
Notes:
svn path=/head/; revision=58279
|
Submitted by: Erik Salander <erik@whistle.com>
Notes:
svn path=/head/; revision=54415
|
the link are equal to the default aliasing address. Do not zero them!
This will fix the problem with non-working links added with the source
and/or aliasing address equal to the default aliasing address, but the
default aliasing address is set later, after the link has been set up,
like both natd(8) and ppp(8) do (for objective reasons).
Reviewed by: Brian Somers <brian@FreeBSD.org>,
Eivind Eklund <eivind@FreeBSD.org>,
Charles Mott <cmott@srv.net>
Notes:
svn path=/head/; revision=51727
|
in FindLinkIn(). This will make TcpMonitorIn()/TcpMonitorOut() happy.
Reviewed by: eivind
Notes:
svn path=/head/; revision=51550
|
Instead, natd(8) should be fixed to call PacketAliasSetAddress()
as part of initialization, as required by libalias(3).
Notes:
svn path=/head/; revision=51506
|
`dst_port') work for outgoing packets.
- Make permanent links whose `alias_addr' matches the primary aliasing
address `aliasAddress' work for incoming packets.
- Typo fixes.
Reviewed by: brian, eivind
Notes:
svn path=/head/; revision=51494
|
Notes:
svn path=/head/; revision=51491
|
Approved by: brian (well, he approved adding $Id$)
Notes:
svn path=/head/; revision=50597
|
for some games.
Notified of problem by: tim@turbinegames.com
Notes:
svn path=/head/; revision=47344
|
Statify functions in alias_nbt.c
Notes:
svn path=/head/; revision=44616
|
by passing INADDR_NONE.
Notes:
svn path=/head/; revision=44556
|
- Transparent proxying support added.
- PPTP redirecting support added based on patches
contributed by Dru Nelson <dnelson@redwoodsoft.com>.
Submitted by: Charles Mott <cmott@srv.net>
Notes:
svn path=/head/; revision=44307
|
resulting NULL FILE *.
PR: 9403
Notes:
svn path=/head/; revision=42454
|
(and those of us that don't want the functionality).
o Don't assume sizeof(long) == 4.
Ok'd by: Charles Mott <cmott@srv.net>
Notes:
svn path=/head/; revision=35314
|
since there might be permanent entries still left after
calls to DeleteLink (it will be nullified by DeleteLink
if all entries are deleted, won't it ?)
2) in PacketAliasSetAddress, set the aliasing address
even when PKT_ALIAS_RESET_ON_ADDR_CHANGE is in effect.
Just don't clean up links in this case.
Submitted by: Ari Suutari <ari@suutari.iki.fi>
via: Charles Mott <cmott@srv.net>
PR: 5041
Notes:
svn path=/head/; revision=33897
|
Screwed up by: myself
Notes:
svn path=/head/; revision=32443
|
necessary evil due to the 108 byte setsockopt() limit).
Notes:
svn path=/head/; revision=32396
|
Notes:
svn path=/head/; revision=32392
|
Obtained from: Yes development tree (+ 10 lines of patches from
Charles Mott, original libalias author)
Notes:
svn path=/head/; revision=32377
|
Submitted by: Charles Mott <cmott@srv.net>
Identified by: Gordon Burditt
Notes:
svn path=/head/; revision=28084
|
functions should now be used. The old 2.1 stuff is
there for backwards compatibility.
Submitted by: Charles Mott <cmott@snake.srv.net>
Notes:
svn path=/head/; revision=27864
|
ppp (or will be shortly). Natd can now be updated to use
this library rather than carrying its own version of the code.
Submitted by: Charles Mott <cmott@srv.net>
Notes:
svn path=/cvs2svn/branches/CMOTT/; revision=26026
|