| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
| |
IP datagram embedded into ICMP error message.
Notes:
svn path=/stable/4/; revision=100665
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
chance to test it, and hopefully accelerate the transition from the
old to the new ipfw code.
NOTE: THIS COMMIT WILL NOT CHANGE THE FIREWALL YOU USE,
NOR A SINGLE BIT IN YOUR KERNEL AND BINARIES.
YOU WILL KEEP USING YOUR OLD "ipfw" UNLESS YOU:
+ add "options IPFW2" (undocumented) to your kernel config file;
+ compile and install sbin/ipfw and lib/libalias with
make -DIPFW2
in other words, you must really want it.
On the other hand, i believe you do really want to use this new
code. In addition to being twice as fast in processing individual
rules, you can use more powerful match patterns such as
... ip from 1.2.3.0/24{50,6,27,158} to ...
... ip from { 1.2.3.4/26 or 5.6.7.8/22 } to ...
... ip from any 5-7,9-66,1020-3000,4000-5000 to ...
i.e. match sparse sets of IP addresses in constant time; use "or"
connectives between match patterns; have multiple port ranges; etc.
which I believe will dramatically reduce your ruleset size.
As an additional bonus, "keep-state" rules will now send keepalives
when the rule is about to expire, so you will not have your remote
login sessions die while you are idle.
The syntax is backward compatible with the old ipfw.
A manual page documenting the extensions has yet to be completed.
Notes:
svn path=/stable/4/; revision=100592
|
| |
|
|
| |
Notes:
svn path=/stable/4/; revision=88133
|
| |
|
|
| |
Notes:
svn path=/stable/4/; revision=88037
|
| |
|
|
| |
Notes:
svn path=/stable/4/; revision=87439
|
| |
|
|
| |
Notes:
svn path=/stable/4/; revision=86817
|
| |
|
|
| |
Notes:
svn path=/stable/4/; revision=85966
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixed the bug that prevented communication with FTP servers behind
NAT in extended passive mode if the server's public IP address was
different from the main NAT address. This caused a wrong aliasing
link to be created that did not route the incoming packets back to
the original IP address of the server.
natd -v -n pub0 -redirect_address localFTP publicFTP
Note that even if localFTP == publicFTP, one still needs to supply
the -redirect_address directive. It is needed as a helper because
extended passive mode's 229 reply does not contain the IP address.
Notes:
svn path=/stable/4/; revision=84366
|
| |
|
|
| |
Notes:
svn path=/stable/4/; revision=84365
|
| |
|
|
|
|
|
| |
Approved by: re
Notes:
svn path=/stable/4/; revision=82072
|
| |
|
|
|
|
|
| |
Approved by: jkh
Notes:
svn path=/stable/4/; revision=82027
|
| |
|
|
|
|
|
| |
Approved by: re
Notes:
svn path=/stable/4/; revision=81834
|
| |
|
|
| |
Notes:
svn path=/stable/4/; revision=80890
|
| |
|
|
| |
Notes:
svn path=/stable/4/; revision=80889
|
| |
|
|
| |
Notes:
svn path=/stable/4/; revision=80888
|
| |
|
|
| |
Notes:
svn path=/stable/4/; revision=77702
|
| |
|
|
|
|
|
| |
Approved by: Charles Mott <cmott@scientech.com>
Notes:
svn path=/stable/4/; revision=77700
|
| |
|
|
| |
Notes:
svn path=/stable/4/; revision=77697
|
| |
|
|
| |
Notes:
svn path=/stable/4/; revision=75949
|
| |
|
|
| |
Notes:
svn path=/stable/4/; revision=73888
|
| |
|
|
| |
Notes:
svn path=/stable/4/; revision=73576
|
| |
|
|
|
|
|
| |
PacketAliasProxyRule().
Notes:
svn path=/stable/4/; revision=73575
|
| |
|
|
| |
Notes:
svn path=/stable/4/; revision=68055
|
| |
|
|
| |
Notes:
svn path=/stable/4/; revision=66159
|
| |
|
|
| |
Notes:
svn path=/stable/4/; revision=66102
|
| |
|
|
| |
Notes:
svn path=/stable/4/; revision=65844
|
| |
|
|
|
|
|
|
|
| |
- Add address translation support for RTSP/RTP used by RealPlayer and
Quicktime streaming media applications.
- Add a BUGS section to the man page.
Notes:
svn path=/stable/4/; revision=64832
|
| |
|
|
| |
Notes:
svn path=/stable/4/; revision=64645
|
| |
|
|
| |
Notes:
svn path=/stable/4/; revision=63904
|
| |
|
|
| |
Notes:
svn path=/stable/4/; revision=62164
|
| |
|
|
|
|
|
|
|
|
|
| |
- Added support for FTP EPRT (RFC 2428) command.
- Added support for passive mode FTP servers behind NAT.
- Added security checks for FTP aliasing.
- Load Sharing using IP Network Address Translation (RFC 2391).
- Real PPTP support.
Notes:
svn path=/stable/4/; revision=62162
|
| |
|
|
| |
Notes:
svn path=/stable/4/; revision=62108
|
| |
|
|
|
|
|
|
| |
that they (once again) go to the target machine rather than
the alias address.
Notes:
svn path=/stable/4/; revision=60364
|
| |
|
|
|
|
|
|
|
| |
to established connections, after SYN packets were seen from both ends.
PR: bin/17963
Notes:
svn path=/stable/4/; revision=59319
|
| |
|
|
|
|
|
|
| |
Use INADDR_ANY instead of 0 where appropriate
Staticise _FindLinkIn and wrap GetDestPort with #ifndef NO_FW_PUNCH
Notes:
svn path=/stable/4/; revision=59188
|
| |
|
|
| |
Notes:
svn path=/stable/4/; revision=58944
|
| |
|
|
|
|
|
|
| |
of the typeset output, tend to make diffs harder to read and provide
bad examples for new-comers to mdoc.
Notes:
svn path=/head/; revision=57686
|
| |
|
|
|
|
|
|
|
| |
+it does, amongst other things, clear out any
The old sentance didn't seem to make sense.
Notes:
svn path=/head/; revision=57544
|
| |
|
|
|
|
|
|
|
|
| |
being defined as 0x40. Change the former to be 0x100.
Submitted by: Erik Salander <erik@whistle.com>
Approved by: jkh
Notes:
svn path=/head/; revision=56968
|
| |
|
|
|
|
|
| |
Prompted by: archie
Notes:
svn path=/head/; revision=56967
|
| |
|
|
|
|
|
| |
Reviewed by: marcel, and make world
Notes:
svn path=/head/; revision=55955
|
| |
|
|
|
|
|
| |
Submitted by: Erik Salander <erik@whistle.com>
Notes:
svn path=/head/; revision=54415
|
| |
|
|
|
|
|
| |
Submitted by: Erik Salander <erik@whistle.com>
Notes:
svn path=/head/; revision=54376
|
| |
|
|
|
|
|
|
| |
PR: docs/14766
Submitted by: Kazutoshi Kubota <kazu@iworks.co.jp>
Notes:
svn path=/head/; revision=53038
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
the link are equal to the default aliasing address. Do not zero them!
This will fix the problem with non-working links added with the source
and/or aliasing address equal to the default aliasing address, but the
default aliasing address is set later, after the link has been set up,
like both natd(8) and ppp(8) do (for objective reasons).
Reviewed by: Brian Somers <brian@FreeBSD.org>,
Eivind Eklund <eivind@FreeBSD.org>,
Charles Mott <cmott@srv.net>
Notes:
svn path=/head/; revision=51727
|
| |
|
|
|
|
|
|
|
| |
in FindLinkIn(). This will make TcpMonitorIn()/TcpMonitorOut() happy.
Reviewed by: eivind
Notes:
svn path=/head/; revision=51550
|
| |
|
|
|
|
|
|
| |
Instead, natd(8) should be fixed to call PacketAliasSetAddress()
as part of initialization, as required by libalias(3).
Notes:
svn path=/head/; revision=51506
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
`dst_port') work for outgoing packets.
- Make permanent links whose `alias_addr' matches the primary aliasing
address `aliasAddress' work for incoming packets.
- Typo fixes.
Reviewed by: brian, eivind
Notes:
svn path=/head/; revision=51494
|
| |
|
|
| |
Notes:
svn path=/head/; revision=51491
|
| |
|
|
|
|
|
|
|
| |
Requested by: eivind
Discussed with: eivind
Reviewed by: brian, eivind
Notes:
svn path=/head/; revision=51125
|
