| Commit message | Author | Age | Files | Lines |

option -- TcpAliasOut() did not catch the IP header length change.
Submitted by: Stepachev Andrey <aka50@mail.ru>

for passive mode data connections (PASV/EPSV -> 227/229). Well,
the actual punching happens a bit later, when the aliasing link
becomes fully specified.
Prodded by: Danny Carroll <dannycarroll@hotmail.com>
MFC after: 1 week

Requested by: Charles Mott <cmott@scientech.com>

NAT in extended passive mode if the server's public IP address was
different from the main NAT address. This caused a wrong aliasing
link to be created that did not route the incoming packets back to
the original IP address of the server.
natd -v -n pub0 -redirect_address localFTP publicFTP
Note that even if localFTP == publicFTP, one still needs to supply
the -redirect_address directive. It is needed as a helper because
extended passive mode's 229 reply does not contain the IP address.
MFC after: 1 week

Submitted by: Joe Clarke <marcus@marcuscom.com>
MFC after: 2 weeks

Submitted by: Makoto MATSUSHITA <matusita@jp.FreeBSD.org>

Previously approved by: Charles Mott <cmott@scientech.com>

MFC after: 2 weeks

Avoid using parenthesis enclosure macros (.Pq and .Po/.Pc) with plain text.
Not only does this slow down the mdoc(7) processing significantly, but it also
has an undesired (in this case) effect of disabling hyphenation within the
entire enclosed block.

Reported by: Bernd Fuerwitt <bf@fuerwitt.de>

Approved by: Charles Mott <cmott@scientech.com>

Approved by: Atsushi Murai <amurai@spec.co.jp>

For FTP control connection, keep the CRLF end-of-line termination
status in there.
Fixed the bug when the first FTP command in a session was ignored.
PR: 24048
MFC after: 1 week

Reviewed by (*): bde
(*) alias_local.h only got a cursory glance.

whether they should create a link if lookup has failed or not.

PPTP links are no longer dropped by simple (and inappropriate in this
case) "inactivity timeout" procedure, only when requested through the
control connection.
It is now possible to have multiple PPTP servers running behind NAT.
Just redirect the incoming TCP traffic to port 1723, everything else
is done transparently.
Problems were reported and the fix was tested by:
Michael Adler <Michael.Adler@compaq.com>,
David Andersen <dga@lcs.mit.edu>

This fixes a null pointer dereference problem that is unlikely to
happen in normal circumstances.

The field is in network byte order and contains the
size of the header.
Reviewed by: brian

datagram embedded into ICMP error message, not with protocol
field of ICMP message itself (which is always IPPROTO_ICMP).
Pointed by: Erik Salander <erik@whistle.com>

not alias `ip_src' unless it comes from the host an original
datagram that triggered this error message was destined for.
PR: 20712
Reviewed by: brian, Charles Mott <cmott@scientech.com>

This makes outgoing ICMP echo/timestamp replies to be de-aliased
with the right source IP, not exactly the primary aliasing IP.

add unsigned char cast to ctype macro

Reported by: Christian Schade <chris@cube.sax.de>

PPTP control messages.
- Cosmetics: replace `GRE link' with `PPTP link'.
Reviewed by: Erik Salander <erik@whistle.com>

Submitted by: Erik Salander <erik@whistle.com>

Fix an overlong line and trailing whitespace that crept in, in the
previous commit.

Quicktime streaming media applications.
Add a BUGS section to the man page.
Submitted by: Erik Salander <erik@whistle.com>

- ipfw always rejected rule with `neither in nor out' diagnostics.
- number of src/dst ports was not set properly.

- SHLIB_MAJOR++.

- Multiple PPTP clients behind NAT to the same or different servers.
- Single PPTP server behind NAT -- you just need to redirect TCP
port 1723 to a local machine. Multiple servers behind NAT is
possible but would require a simple API change.
- No API changes!
For more information on how this works see comments at the start of
the alias_pptp.c.
PacketAliasPptp() is no longer necessary and will be removed soon.
Submitted by: Erik Salander <erik@whistle.com>
Reviewed by: ru
Rewritten by: ru
Reviewed by: Erik Salander <erik@whistle.com>

- Stricter checking of PORT/EPRT/227/229 messages format.
- Moved all security checks into one place.

It does mean that it is now possible to run passive-mode FTP
server behind NAT.
- SECURITY: FTP aliasing engine now ensures that:
o the segment preceding a PORT/227 segment terminates with a \r\n;
o the IP address in the PORT/227 matches the source IP address of
the packet;
o the port number in the PORT command or 277 reply is greater than
or equal to 1024.
Submitted by: Erik Salander <erik@whistle.com>
Reviewed by: ru

that they (once again) go to the target machine rather than
the alias address.
PR: 18354
Submitted by: ru

to PPTP) with more generic PacketAliasRedirectProto().
Major number is not bumped because it is believed that no one
has started using PacketAliasRedirectPptp() yet.

LSNAT links are first created by either PacketAliasRedirectPort() or
PacketAliasRedirectAddress() and then set up by one or more calls to
PacketAliasAddServer().

- new API function: PacketAliasRedirectPptp()
- new mode bit: PKT_ALIAS_DENY_PPTP
Please see manual page for details.