From owner-freebsd-security@FreeBSD.ORG Sun Dec 14 04:50:17 2003
From: Mark Murray
Message-Id: <200312141245.hBECjHpD044491@grimreaper.grondar.org>
To: Brett Glass
In-Reply-To: Your message of "Sun, 14 Dec 2003 00:57:04 MST." <6.0.0.22.2.20031214005309.04ba9528@localhost>
Date: Sun, 14 Dec 2003 12:45:17 +0000
cc: security@freebsd.org
Subject: Re: s/key authentication for Apache on FreeBSD?
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Security issues [members-only posting]

Hi

This is now off FreeBSD (no more PAM), and is VERY httpd/Apache specific.
I suggest you move it to the Apache lists, where no doubt more Apache
experts will be able to help you out.

Thanks!

M

Brett Glass writes:
> At 10:45 PM 12/13/2003, Matthew D. Fuller wrote:
>
> >HTTP AUTH sends the user/pass strings with every request (more precisely,
> >the browser caches what you put in, and sends it every time the server
> >returns a 401 with the same realm name.)
>
> I apologize; I wasn't being clear. My question was, does the Apache
> server then send the user name and password on to the library that
> is doing authentication every time? Or does it recognize that the
> user and password (and/or IP) are the same as before and allow
> subsequent hits?
>
> --Brett
>
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

--
Mark Murray
iumop ap!sdn w,I idlaH

Message-Id: <6.0.1.1.0.20031215104607.04fd2b48@209.112.4.2>
Date: Mon, 15 Dec 2003 10:46:39 -0500
To: Colin Percival,
From: Mike Tancsa
In-Reply-To: <5.0.2.1.1.20031211011207.01cb9d60@popserver.sfu.ca>
References: <20031211010804.371685299@ftp.bjpu.edu.cn> <5.0.2.1.1.20031211011207.01cb9d60@popserver.sfu.ca>
Subject: Re: cvs version 1.11.10 import? [security fix]

Hi, did you ever find out if this security issue does affect FreeBSD ?

---Mike

At 08:14 PM 10/12/2003, Colin Percival wrote:
>At 09:08 11/12/2003 +0800, Xin LI/李鑫 wrote:
>>Will this affect FreeBSD's version 1.11.5 cvs, too? If so, is it possible to
>>import the 1.11.10 before 5.2-RELEASE is released? Thanks!
>
> If it affects FreeBSD, I'm sure the new version will be imported before
>5.2-RELEASE escapes. The release engineering and security teams talk to
>each other occasionally, and especially prior to releases.
>:)
>
>Colin Percival
From: Colin Percival
Date: Mon, 15 Dec 2003 16:08:42 +0000
To: Mike Tancsa,
Message-Id: <5.0.2.1.1.20031215155516.02e4e820@popserver.sfu.ca>
In-Reply-To: <6.0.1.1.0.20031215104607.04fd2b48@209.112.4.2>
Subject: Re: cvs version 1.11.10 import? [security fix]

At 10:46 15/12/2003 -0500, Mike Tancsa wrote:
>Hi, did you ever find out if this security issue does affect FreeBSD ?

I think it does. As far as I can tell, it seems to cause problems when
CVSROOT is :local:/something. I'm not sure if this is actually exploitable
-- I can't see any indication that the cvs people know, either -- but the
buggy code is definitely in FreeBSD.

Since they don't seem to have published it, I've extracted the relevant
patch from CVS's CVS tree and included it below.

Colin Percival

===================================================================
RCS file: /usr/local/tigris/data/helm/cvs/repository/ccvs/src/expand_path.c,v
retrieving revision 1.21
retrieving revision 1.21.6.1
diff -u -r1.21 -r1.21.6.1
--- ccvs/src/expand_path.c	2001/01/09 13:59:59	1.21
+++ ccvs/src/expand_path.c	2003/12/03 19:22:01	1.21.6.1
@@ -272,7 +272,7 @@
     int line;
 {
     if (strcmp (name, CVSROOT_ENV) == 0)
-	return current_parsed_root->original;
+	return current_parsed_root->directory;
     else if (strcmp (name, "RCSBIN") == 0)
     {
 	error (0, 0, "RCSBIN internal variable is no longer supported");

Date: Mon, 15 Dec 2003 23:27:47 -0600
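Review bot: on the expand_path.c hunk above, the one-line switch from `current_parsed_root->original` to `current_parsed_root->directory` in the `CVSROOT_ENV` branch is not accompanied by any comment saying why the full root spec was the wrong value to substitute; the only hint is Colin's remark that the trouble shows with `:local:/something` roots. A comment at the `return` stating that the internal variable must expand to the repository directory alone, not the method-prefixed spec, would document the intent, and a regression test that expands `$CVSROOT` under a `:local:` root would keep the old behaviour from creeping back.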
From: John
To: freebsd-security@freebsd.org
Message-ID: <20031216052747.GA39053@mail.unixjunkie.com>
Subject: RE: interface bonding

----- Forwarded message from John -----

Date: Mon, 15 Dec 2003 17:58:15 -0600
From: John
To: freebsd-stable@freebsd.org
Subject: interface bonding

Is there any way to bond sniffer interfaces?
I've read a little on netgraph and it seems
like I may be able to use that but I'm not sure
how to go about that.

Basically the end result is to have snort listen on
a virtual interface, which will have data sent to
it from say fxp0 and fxp1. I also want to make sure that
data from fxp0, fxp1 or $VIRTUAL doesn't get sent out
fxp1 or fxp0 for some reason.

----- End forwarded message -----

I'm sure I checked this before, but a google search turned up this.

ngctl mkpeer fec dummy fec
ngctl msg fec0: add_iface '"sf2"'
ngctl msg fec0: add_iface '"sf3"'
ngctl msg fec0: set_mode_inet
ifconfig sf2 promisc
ifconfig sf3 promisc
ifconfig fec0 promisc

after this fec0 will be the virtual if that gets the frames.

This does depend on the fec module.
# cd /usr/src/sys/modules/netgraph/fec/
# make && make install

http://taosecurity.blogspot.com/ <- this is where I found it.
which points out this poster.
http://www.derkeiler.com/Mailing-Lists/securityfocus/focus-ids/2003-10/0029.html

So is there a reason the netgraph fec module isn't built by default?

Date: Tue, 16 Dec 2003 11:06:45 +0200
From: Vlad Galu
To: freebsd-security@freebsd.org
Message-Id: <20031216110645.2752f5c8.dudu@diaspar.rdsnet.ro>
In-Reply-To: <20031216052747.GA39053@mail.unixjunkie.com>
Subject: Re: interface bonding

John writes:
|----- Forwarded message from John -----
|
|Date: Mon, 15 Dec 2003 17:58:15 -0600
|From: John
|To: freebsd-stable@freebsd.org
|Subject: interface bonding
|User-Agent: Mutt/1.4i
|
|Is there any way to bond sniffer interfaces?
|I've read a little on netgraph and it seems
|like I may be able to use that but I'm not sure
|how to go about that.
|
|Basically the end result is to have snort listen on
|a virtual interface, which will have data sent to
|it from say fxp0 and fxp1. I also want to make sure that
|data from fxp0, fxp1 or $VIRTUAL doesn't get sent out
|fxp1 or fxp0 for some reason.
|
|----- End forwarded message -----
|
|I'm sure I checked this before, but a google search turned up this.
|
|ngctl mkpeer fec dummy fec
|ngctl msg fec0: add_iface '"sf2"'
|ngctl msg fec0: add_iface '"sf3"'
|ngctl msg fec0: set_mode_inet
|ifconfig sf2 promisc
|ifconfig sf3 promisc
|ifconfig fec0 promisc
|
|after this fec0 will be the virtual if that gets the frames.
|
|This does depend on the fec module.
|# cd /usr/src/sys/modules/netgraph/fec/
|# make && make install
|
|http://taosecurity.blogspot.com/ <- this is where I found it.
|which points out this poster.
|http://www.derkeiler.com/Mailing-Lists/securityfocus/focus-ids/2003-10/0029.html
|
|So is there a reason the netgraph fec module isn't built by default?

Yes. It's not very stable. Better use ng_one2many.

----
If it's there, and you can see it, it's real.
If it's not there, and you can see it, it's virtual.
If it's there, and you can't see it, it's transparent.
If it's not there, and you can't see it, you erased it.
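As an added example (not code from the thread or from any FreeBSD manual page), here is the ng_one2many(4) form of John's setup that Vlad points at: the receive-only sniffer bond built on an ng_eiface(4) virtual interface instead of ng_fec. It assumes a FreeBSD host where the netgraph, ng_ether, ng_one2many and ng_eiface modules load; fxp0/fxp1 as the taps, ngeth0 as the virtual interface, ipfw as the transmit guard and the helper sniff_bond_links are all assumptions.

```shell
#!/bin/sh
# Added example: merge sniffer NICs into one receive-only virtual interface
# with ng_one2many(4) + ng_eiface(4).  Assumed FreeBSD/netgraph host; the
# interface names and the ipfw guard are assumptions, not the thread's code.

# Print the ngctl/ifconfig/ipfw commands that build the graph.  Emitting a
# plan instead of running it lets the sensor owner review (or diff) the
# change first; pipe the output to sh once satisfied.
sniff_bond_plan() {
    vif=$1; shift          # virtual interface snort listens on, e.g. ngeth0
    n=0
    links=""
    # ng_eiface creates ngethN and names its netgraph node after the interface.
    echo "ngctl mkpeer eiface ether ether"
    # Hang a one2many node off the virtual interface: its "one" hook faces
    # ${vif}, its "manyN" hooks will face the physical taps.
    echo "ngctl mkpeer ${vif}: one2many ether one"
    for phys in "$@"; do
        # ng_ether's "lower" hook is the wire side: every frame the NIC
        # receives leaves through it, so that is what feeds manyN.
        echo "ngctl connect ${phys}: ${vif}:ether lower many${n}"
        echo "ngctl msg ${phys}: setpromisc 1"    # see every frame on the tap
        echo "ngctl msg ${phys}: setautosrc 0"    # never rewrite source MACs
        links="${links} 1"
        n=$((n + 1))
    done
    # xmitAlg=1 (round robin) only governs the one->many direction; frames
    # arriving on any manyN hook are always forwarded to the "one" side.
    echo "ngctl msg ${vif}:ether setconfig \"{ xmitAlg=1 failAlg=1 enabledLinks=[${links} ] }\""
    echo "ifconfig ${vif} promisc up"
    # Receive-only guard: ${vif} carries no address, and any IP the host
    # still tries to send through it (which one2many would hand to a tap's
    # wire side) is dropped before it leaves.
    echo "ipfw add deny ip from any to any out xmit ${vif}"
}

# Hypothetical helper: how many taps a plan attaches, as a sanity check
# before applying it.
sniff_bond_links() {
    sniff_bond_plan "$@" | grep -c 'lower many'
}

if [ "$#" -ge 2 ]; then
    sniff_bond_plan "$@"
fi
```

Run it as `sh bond.sh ngeth0 fxp0 fxp1 | sh` on the sensor; the physical taps stop delivering frames to the host stack once their lower hooks are connected, which is what a dedicated sniffer wants.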
Date: Tue, 16 Dec 2003 21:13:13 -0600
From: John
To: freebsd-security@freebsd.org
Message-ID: <20031217031313.GA41707@mail.unixjunkie.com>
Subject: RE: interface bonding

And here I was about to ask if there was something wrong with
freebsd-stable. DOH! :)

Date: Fri, 19 Dec 2003 17:26:48 +0100
From: GiZmen
To: freebsd-security@FreeBSD.ORG
Message-ID: <20031219162648.GA76539@blurp.one.pl>
Subject: Configuring JAIL to bind on lo0 interface

Hello,

I have configured a jail for users with sshd, ftpd and auth. I started this
jail on IP 127.0.0.10 (there is an alias on the lo0 interface); there was
not any bigger problem to start it. But I have a problem with internet in
this jail. I can log in to this jail through ssh or ftpd but I can't connect
to the internet. I try to set up some kind of NAT but it doesn't work.
Can anybody help me with that problem? For now I set it up on an external IP
and everything is okay. But I want to have this jail on a different iface
that is not an external iface and is set for example on 127.0.0.10.

I also want to close the named service in the jail. I configured named so
that it is only a caching server, and I tried to start it on the 127.0.0.53
IP alias but it doesn't work because it cannot communicate with other DNS.
Thanks for any advice on my problem.

--
Best Regards:
GiZmen

Date: Fri, 19 Dec 2003 19:36:45 +0300
From: Ilya Kiselyov
To: freebsd-security@freebsd.org
Message-Id: <20031219193645.759a4dbe.list@ostankino.ru>
In-Reply-To: <20031219162648.GA76539@blurp.one.pl>
Organization: TCO
Subject: Re: Configuring JAIL to bind on lo0 interface

Hello!

> Can anybody help me with that problem? For now I set it up on an external IP
> and everything is okay. But I want to have this jail on a different iface that
> is not an external iface and is set for example on 127.0.0.10.

You should probably use a real IP for the jail, not from 127.0.0.0/8.

--
Regards,
Ilya

Date: Fri, 19 Dec 2003 17:47:13 +0100
From: GiZmen
To: freebsd-security@FreeBSD.ORG
Message-ID: <20031219164713.GA76661@blurp.one.pl>
In-Reply-To: <20031219193645.759a4dbe.list@ostankino.ru>
Subject: Re: Configuring JAIL to bind on lo0 interface

> > Can anybody help me with that problem? For now I set it up on an external IP
> > and everything is okay. But I want to have this jail on a different iface that
> > is not an external iface and is set for example on 127.0.0.10.
>
> You should probably use a real IP for the jail, not from 127.0.0.0/8.
>

So there is no chance to set it up on 127.0.0.0/8 and have access to the
internet? I wanted to have some daemons listening on an aliased IP on the lo0
iface, and then set up a few rules on the firewall to forward traffic from the
external IP to those IPs on the lo0 interface.

THX

--
Best Regards:
GiZmen

Date: Fri, 19 Dec 2003 20:13:41 +0300
From: Ilya Kiselyov
To: freebsd-security@freebsd.org
Message-Id: <20031219201341.60c724f9.list@ostankino.ru>
In-Reply-To: <20031219164713.GA76661@blurp.one.pl>
Organization: TCO
Subject: Re: Configuring JAIL to bind on lo0 interface

Hello!

> > > Can anybody help me with that problem? For now I set it up on an external IP
> > > and everything is okay. But I want to have this jail on a different iface that
> > > is not an external iface and is set for example on 127.0.0.10.
> >
> > You should probably use a real IP for the jail, not from 127.0.0.0/8.
> >
>
> So there is no chance to set it up on 127.0.0.0/8 and have access to the
> internet? I wanted to have some daemons listening on an aliased IP on the lo0
> iface, and then set up a few rules on the firewall to forward traffic from the
> external IP to those IPs on the lo0 interface.

In case you just want it to be on lo0, you can set up a real IP alias on
lo0. If you need both lo0 AND 127.0.0.0/8... Well, do you _really_ need such
a configuration?
--
Regards,
Ilya

In-Reply-To: <20031219201341.60c724f9.list@ostankino.ru>
Message-Id:
From: Lawrence Sica
Date: Fri, 19 Dec 2003 12:21:06 -0500
To: Ilya Kiselyov
cc: freebsd-security
Subject: Re: Configuring JAIL to bind on lo0 interface

On Dec 19, 2003, at 12:13 PM, Ilya Kiselyov wrote:

> Hello!
>
>>>> Can anybody help me with that problem? For now I set it up on an
>>>> external IP and everything is okay. But I want to have this jail on a
>>>> different iface that is not an external iface and is set for example
>>>> on 127.0.0.10.
>>>
>>> You should probably use a real IP for the jail, not from 127.0.0.0/8.
>>>
>>
>> So there is no chance to set it up on 127.0.0.0/8 and have access to the
>> internet? I wanted to have some daemons listening on an aliased IP on the
>> lo0 iface, and then set up a few rules on the firewall to forward traffic
>> from the external IP to those IPs on the lo0 interface.
>
> In case you just want it to be on lo0, you can set up a real IP alias
> on lo0. If you need both lo0 AND 127.0.0.0/8... Well, do you _really_
> need such a configuration?
>

Changing the IP on lo0 can break things or expose you; a lot of sensitive
stuff goes over localhost, so be very, very careful mucking with the IP on
lo0.
--Larry
From: Marton Kenyeres
Organization: KVG Konvergencia Kft.
To: security@FreeBSD.org
Date: Fri, 19 Dec 2003 19:20:39 +0100
In-Reply-To: <20031219164713.GA76661@blurp.one.pl>
Message-Id: <200312191920.39141.mkenyeres@konvergencia.hu>
Subject: Re: Configuring JAIL to bind on lo0 interface

On Friday 19 December 2003 17.47, GiZmen wrote:
> > > Can anybody help me with that problem? For now I set it up on an external
> > > IP and everything is okay. But I want to have this jail on a different
> > > iface that is not an external iface and is set for example on
> > > 127.0.0.10.
> >
> > You should probably use a real IP for the jail, not from 127.0.0.0/8.
>
> So there is no chance to set it up on 127.0.0.0/8 and have access to the
> internet? I wanted to have some daemons listening on an aliased IP on the lo0
> iface, and then set up a few rules on the firewall to forward traffic from
> the external IP to those IPs on the lo0 interface.
>
> THX

You need to NAT and reverse-NAT between the external and loopback interface,
something along the lines of:

/etc/ipnat.conf:

#allow the outside world to connect to named running in the jail
rdr fxp0 x.x.x.x/32 port 53 -> 127.0.0.53 port 1053 tcp/udp
#allow named to talk to the outside world
map fxp0 127.0.0.53/32 -> x.x.x.x/32

Change fxp0 to your network interface, x.x.x.x to your real IP. If you want
to use the name server only from your local machine, you don't need the
first rule.
Note that I like to run named as an unprivileged user (a little more
paranoia :) and let it bind to a high port (1053 in this case), but that's
not strictly necessary. Consult named.conf(5) and su(1) on how to do this.

Remember: in the case of ipf/ipnat, NAT-ing happens _before_ packet
filtering, so allow rules will look something along the lines of:

pass in quick on fxp0 proto tcp from any to 127.0.0.53 port = 1053 flags S keep state
pass in quick on fxp0 proto udp from any to 127.0.0.53 port = 1053 keep state

That might look a bit strange at first, but if you get the NAT-ing right,
it's OK. (Someone please correct me ASAP, if it isn't :)

HTH,
m.

--
Marton Kenyeres - mkenyeres@konvergencia.hu
KVG Konvergencia Kft.

Date: Sat, 20 Dec 2003 02:42:31 +0100
From: GiZmen
To: freebsd-security@FreeBSD.ORG
Subject: Re: Configuring JAIL to bind on lo0 interface
Message-ID: <20031220014231.GA23229@blurp.one.pl>
In-Reply-To: <20031219170339.48E40D2@ken.ccs.sut.ru>
References: <20031219162648.GA76539@blurp.one.pl> <20031219170339.48E40D2@ken.ccs.sut.ru>

> As I understood your problem, you need an additional alias on the lo0
> interface for gateway IP purposes. So you have the lo0 interface and
> lo0_alias0 192.168.1.1 as the default gateway for jails. And now you create
> the new jails' IPs as aliases on the lo0 iface.
>
> For example:
>
> no jail, only gateway - lo0_alias0 192.168.1.1/24
>
> jail1 - lo0_alias1 192.168.1.2/24 - hostname jail1.domain.com
> in this jail set default gateway to 192.168.1.1
>
> jail2 - lo0_alias2 192.168.1.3/24 - hostname jail2.domain.com
> in this jail set default gateway to 192.168.1.1 also
>
> Your host machine has to be gateway enabled.
>
> Now if you want to switch on internet access from jail1 you only need to
> add a NAT rule to translate jail1's IP to the host's primary IP.
>
> Alesha.

I don't know how that can work. AFAIK in a jail I can't change the default
gateway.
-- 
Best Regards: GiZmen

From owner-freebsd-security@FreeBSD.ORG Sat Dec 20 11:35:17 2003
Date: Sat, 20 Dec 2003 18:41:32 +0000
From: Bruce M Simpson
To: Ilya Kiselyov
cc: freebsd-security@freebsd.org
Subject: Re: Configuring JAIL to bind on lo0 interface
Message-ID: <20031220184132.GB742@saboteur.dek.spc.org>
In-Reply-To: <20031219201341.60c724f9.list@ostankino.ru>
References: <20031219162648.GA76539@blurp.one.pl> <20031219193645.759a4dbe.list@ostankino.ru> <20031219164713.GA76661@blurp.one.pl> <20031219201341.60c724f9.list@ostankino.ru>

On Fri, Dec 19, 2003 at 08:13:41PM +0300, Ilya Kiselyov wrote:
> In case you just want it to be on lo0, you can set up a real IP alias on
> lo0. If you need both lo0 AND 127.0.0.0/8...

Well, do you _really_ need such a configuration? The lo(4) driver is cloneable
in -CURRENT for things like this, amongst other things.
BMS

From owner-freebsd-security@FreeBSD.ORG Sat Dec 20 13:36:07 2003
Message-ID: <1071956071.3fe4c0675e36f@www2.inbox.lv>
Date: Sat, 20 Dec 2003 23:34:31 +0200
From: bonifaktuura@inbox.lv
To: freebsd-security@FreeBSD.ORG
Subject: Re: Configuring JAIL to bind on lo0 interface
In-Reply-To: <200312191920.39141.mkenyeres@konvergencia.hu>
References: <20031219162648.GA76539@blurp.one.pl> <20031219193645.759a4dbe.list@ostankino.ru> <20031219164713.GA76661@blurp.one.pl> <200312191920.39141.mkenyeres@konvergencia.hu>

> so allow rules will look something along the lines of:
>
> pass in quick on fxp0 proto tcp from any to 127.0.0.53 port = 1053 flags S keep state
> pass in quick on fxp0 proto udp from any to 127.0.0.53 port = 1053 keep state

Well, in case he has a block-by-default policy he will need something like
this, too:

pass out quick on fxp0 proto tcp from 127.0.0.53 to any port = 53 flags S keep state
pass out quick on fxp0 proto udp from 127.0.0.53 to any port = 53 keep state

And changing 'any' to the DNS servers he's using as masters is a good idea.

p.
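Added example, not part of the thread: a small Python model of IPFilter's processing order (ipnat before ipf for inbound packets, ipf before ipnat for outbound) that runs Marton's rdr/map lines and pass-in rules together with the pass-out rules in this reply, to show why both rule sets name the jail's 127.0.0.53 address rather than the real one. The real interface address and the remote hosts are constructed placeholders from the RFC 5737 documentation ranges; the "masters" set stands in for the 'any' that this reply suggests narrowing.

```python
# Added example (not from the thread): toy model of IPFilter ordering.
# Inbound packets are NAT-ed (ipnat) before filtering (ipf); outbound
# packets are filtered before they are NAT-ed. The functions mirror the
# ipnat.conf rdr/map lines and the pass in / pass out rules in the thread.
# Addresses are constructed placeholders (RFC 5737 ranges).
from dataclasses import dataclass, replace

EXT_IP = "192.0.2.10"                    # stands in for x.x.x.x on fxp0
JAIL_IP, JAIL_PORT = "127.0.0.53", 1053  # named inside the jail, high port
MASTERS = {"203.0.113.2"}                # DNS masters the jail may query

@dataclass(frozen=True)
class Pkt:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

def ipnat(p: Pkt, direction: str) -> Pkt:
    """The two ipnat.conf lines: rdr on the way in, map on the way out."""
    if direction == "in" and p.dst == EXT_IP and p.dport == 53:
        return replace(p, dst=JAIL_IP, dport=JAIL_PORT)  # rdr -> 127.0.0.53 port 1053
    if direction == "out" and p.src == JAIL_IP:
        return replace(p, src=EXT_IP)                    # map 127.0.0.53/32 -> x.x.x.x/32
    return p

def ipf(p: Pkt, direction: str) -> bool:
    """pass in / pass out rules from the thread; everything else is blocked."""
    if p.proto not in ("tcp", "udp"):
        return False
    if direction == "in":  # pass in ... from any to 127.0.0.53 port = 1053
        return p.dst == JAIL_IP and p.dport == JAIL_PORT
    # pass out ... from 127.0.0.53 to <masters> port = 53
    return p.src == JAIL_IP and p.dst in MASTERS and p.dport == 53

def naive_pass_in(p: Pkt) -> bool:
    """A rule written against the real address: never matches after rdr."""
    return p.dst == EXT_IP and p.dport == 53

def process(p: Pkt, direction: str) -> tuple:
    """Returns (passed, packet as it leaves the stack) in IPFilter's order."""
    if direction == "in":
        p = ipnat(p, "in")          # NAT first ...
        return ipf(p, "in"), p      # ... then filter the rewritten packet
    ok = ipf(p, "out")              # filter the untranslated packet first ...
    return ok, ipnat(p, "out")      # ... then NAT the source to the real IP
```

Running the model with a query from the outside and a query from the jail to one of its masters shows the inbound rule only matching after rdr has rewritten the destination, and the outbound rule matching on the loopback source before map rewrites it.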
From owner-freebsd-security@FreeBSD.ORG Sat Dec 20 16:28:19 2003
Message-ID: <20031221002814.39893.qmail@web60806.mail.yahoo.com>
Date: Sat, 20 Dec 2003 16:28:14 -0800 (PST)
From: Richard Bejtlich
To: freebsd-security@freebsd.org
Subject: Re: interface bonding

Hello,

I operate http://taosecurity.blogspot.com and http://www.taosecurity.com. I
posted a method to use ng_one2many for bonding interfaces here in June:

http://marc.theaimsgroup.com/?l=snort-users&m=105585533810122&w=2

That method relies on three real interfaces: the two to be bonded and a third
against which traffic is mirrored. I've not had luck creating a third
"virtual" interface against which to sniff. Using ng_fec, however, a fec0
interface is created automatically. That's what I'm using now on my NSM sensor
and it works fine.

I appreciate any hints on creating a virtual interface to use for sniffing
with ng_one2many. If you can help me do that I'll use ng_one2many instead of
ng_fec. ng_fec doesn't have a man page, which is enough for me to avoid it if
possible. :)

Thank you,

Richard
http://www.taosecurity.com