From owner-freebsd-security Sun Jul 20 08:55:40 1997
From: "T. D. Pazuzu"
Message-Id: <199707201600.LAA09304@legba.pwrtc.com>
Subject: guestgroup broken in wu.ftpd?
To: freebsd-security@freebsd.org
Date: Sun, 20 Jul 1997 11:00:58 -0500 (EST)

Does anyone know if the guestgroup capability of wu.ftpd 2.4.2-beta13 is
supposed to work? It doesn't on my system. It sets the home directory
properly, but the chroot either doesn't get executed, or somehow fails
because I can type cd / and it's the real system root. I was hoping to use
this to allow a few users to upload webpages to their home dirs, but not be
able to go anywhere else.

From owner-freebsd-security Mon Jul 21 01:29:52 1997
Message-Id: <199707210828.EAA11003@radford.i-plus.net>
From: "Troy Settle"
To: , "T. D. Pazuzu"
Subject: Re: guestgroup broken in wu.ftpd?
Date: Mon, 21 Jul 1997 04:32:23 -0400

From: T. D. Pazuzu
>Does anyone know if the guestgroup capability of wu.ftpd 2.4.2-beta13 is
>supposed to work? It doesn't on my system. It sets the home directory
>properly, but the chroot either doesn't get executed, or somehow fails
>because I can type cd / and it's the real system root. I was hoping to use
>this to allow a few users to upload webpages to their home dirs, but not be
>able to go anywhere else.

I'm not sure what's going on, but I had wu_ftpd working correctly at one
time. Later, I dumped my system, and after re-installing wu_ftpd, I
couldn't get it to use guestgroup properly at all.

I since started using ncftpd http://www.probe.net/~mgleason/ncftpd, which
works great for restricted ftp sessions, virtual ftp servers, and virtual
ftp users (separate passwd file even).

Best of luck,

Troy Settle
Network Administrator, iPlus Internet Services
http://www.i-Plus.net

From owner-freebsd-security Mon Jul 21 14:22:45 1997
Message-ID: <19970721190719.23651@keltia.freenix.fr>
Date: Mon, 21 Jul 1997 19:07:19 +0200
From: Ollivier Robert
To: freebsd-security@FreeBSD.ORG
Subject: Re: guestgroup broken in wu.ftpd?
References: <199707210828.EAA11003@radford.i-plus.net>
In-Reply-To: <199707210828.EAA11003@radford.i-plus.net>; from Troy Settle on Mon, Jul 21, 1997 at 04:32:23AM -0400

According to Troy Settle:
> I since started using ncftpd http://www.probe.net/~mgleason/ncftpd, which
> works great for restricted ftp sessions, virtual ftp servers, and virtual
> ftp users (separate passwd file even).

Last I asked Mike, no source was available. Too bad.
--
Ollivier ROBERT -=- FreeBSD: There are no limits -=- roberto@keltia.freenix.fr
FreeBSD keltia.freenix.fr 3.0-CURRENT #23: Sun Jul 20 18:10:34 CEST 1997

From owner-freebsd-security Mon Jul 21 20:45:12 1997
Date: Mon, 21 Jul 1997 21:48:37 -0600 (MDT)
From: John-David Childs
cc: freebsd-security@FreeBSD.ORG, "T. D. Pazuzu"
Subject: Re: guestgroup broken in wu.ftpd?
In-Reply-To: <199707210828.EAA11003@radford.i-plus.net>

On Mon, 21 Jul 1997, Troy Settle wrote:

> From: T. D. Pazuzu
> >Does anyone know if the guestgroup capability of wu.ftpd 2.4.2-beta13 is
> >supposed to work? It doesn't on my system. It sets the home directory

I have it working on my system.

> >properly, but the chroot either doesn't get executed, or somehow fails
> >because I can type cd / and it's the real system root. I was hoping to use
> >this to allow a few users to upload webpages to their home dirs, but not be
> >able to go anywhere else.

Do you have the user's home directory as (for example)
/users/home/./username? Are you sure that the user in question is a member
of the groups defined as "guestgroup"?

One thing that bit me, was that the wu-ftp-beta 13 wanted to put its
"support" files (ftpaccess, ftpconversions, etc.) in a totally different
directory than the default FreeBSD installation from the ports. On my
system, they are in /usr/local/lib/ftpd.
Check the source code/Makefile to determine where the files are supposed to
be. This one bit me for about 24 hours.

--
John-David Childs (JC612)       @denver.net/Internet-Coach
System Administrator            Enterprise Internet Solutions
  & Network Engineer            901 E 17th Ave, Denver 80218
I don't believe there really IS a GAS SHORTAGE.. I think it's all just
a BIG HOAX on the part of the plastic sign salesmen -- to sell more numbers!!

From owner-freebsd-security Tue Jul 22 05:36:55 1997
Message-Id: <199707221235.QAA00462@mailhub.cdu.ru>
From: "Win95"
To: "FreeBSD bugs" , "FreeBSD current" , "FreeBSD hackers" , "FreeBSD hubs" , "FreeBSD hardware" , "FreeBSD isp" , "FreeBSD questions" , "FreeBSD security"
Subject: I have a problem with Ethernet adapters!
Date: Tue, 22 Jul 1997 16:27:08 +0400

Hello!

I've installed the FreeBSD 2.2.2-RELEASE on three PCs (Gateway2000 P5-100)
to make a Firewall.
But there is something strange with my Ethernet adapters :-(

There is my schema:

[Network diagram; the ASCII layout did not survive extraction. Recoverable
labels: "to my provider" <------X ext_router X-----X------X int_router X----X,
with mail_hub and client each attached by an X-------X link.]

All computers have FreeBSD 2.2.2-RELEASE. ext_router and int_router have two
Ethernet adapters: 3Com 3C900 and SMC 80xx. mail_hub has a 3Com 3C509
Ethernet adapter.

Now I try to describe my problem:

When I try to download a file from ext_router to int_router via FTP,
transfer rate is around 700 KBytes/sec. The same transfer rate is when I
try to transfer a file from int_router to mail_hub or even from ext_router
to mail_hub!

But if only I try to UPLOAD a file from int_router to ext_router, then
transfer rate is only around 200 KBytes/sec! ;-(((((

I have only one question: WHY?

There is output of command "ifconfig -a" on int_router:

vx0: flags=8843 mtu 1500
        inet 193.125.114.36 netmask 0xffffffe0 broadcast 193.125.114.63
        ether 00:60:97:b5:f6:37
ed0: flags=8843 mtu 1500
        inet 172.16.10.35 netmask 0xffff0000 broadcast 172.16.255.255
        ether 00:00:c0:50:6d:c3
lo0: flags=8049 mtu 16384
        inet 127.0.0.1 netmask 0xff000000

Maybe, a SIMPLEX flag is wrong?

HELP ME! It's very important for me!
If you answer me by email, it may be more fast!

PS: I'm so sorry for my English :-(

Yours sincerely,
Pavel
-----------------------------------------------------------
Pavel P. Zabortsev, software engineer
CDO UPS of Russia
Tel.: (095) 220-4513, 220-4350
E-mail: ppz@cdu.elektra.ru ppz@usa.net
-----------------------------------------------------------

From owner-freebsd-security Tue Jul 22 11:19:46 1997
Message-ID: <19970722200511.56602@keltia.freenix.fr>
Date: Tue, 22 Jul 1997 20:05:11 +0200
From: Ollivier Robert
To: freebsd-security@FreeBSD.ORG
Subject: Re: guestgroup broken in wu.ftpd?
References: <199707210828.EAA11003@radford.i-plus.net>
In-Reply-To: <199707210828.EAA11003@radford.i-plus.net>; from Troy Settle on Mon, Jul 21, 1997 at 04:32:23AM -0400

According to Troy Settle:
> I'm not sure what's going on, but I had wu_ftpd working correctly at one
> time. Later, I dumped my system, and after re-installing wu_ftpd, I
> couldn't get it to use guestgroup properly at all.

Did you remember to put "-a" in the ftpd command in inetd.conf? Without
"-a", ftpaccess is not read at all and the guestgroup won't work.
--
Ollivier ROBERT -=- FreeBSD: There are no limits -=- roberto@keltia.freenix.fr
FreeBSD keltia.freenix.fr 3.0-CURRENT #23: Sun Jul 20 18:10:34 CEST 1997

From owner-freebsd-security Tue Jul 22 13:19:14 1997
Date: Tue, 22 Jul 1997 17:17:06 -0300 (EST)
From: Paulo Fragoso
To: "T. D. Pazuzu"
cc: freebsd-security@FreeBSD.ORG
Subject: Re: guestgroup broken in wu.ftpd?
In-Reply-To: <199707201600.LAA09304@legba.pwrtc.com>

Hi,

I changed this line in ftpd.c:

    /* Access control and logging passwords */
    /* OFF by default. _H*/
    int use_accessfile = 1;
                       ^^^ ^^^

it's working fine.

Paulo Fragoso.

On Sun, 20 Jul 1997, T. D. Pazuzu wrote:

> Does anyone know if the guestgroup capability of wu.ftpd 2.4.2-beta13 is
> supposed to work? It doesn't on my system. It sets the home directory
> properly, but the chroot either doesn't get executed, or somehow fails
> because I can type cd / and it's the real system root. I was hoping to use
> this to allow a few users to upload webpages to their home dirs, but not be
> able to go anywhere else.

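The checks the replies in this thread ask for (ftpd started with -a, the user in a group named on a guestgroup line, a /./ in the home directory) can be run as one audit. This is an added example, not code from the thread or from wu-ftpd; the sample files, paths and account names are constructed, and it assumes the 7-field passwd layout and that the path before /./ is the chroot root.

```python
"""Audit the wu-ftpd guestgroup prerequisites named in this thread (added example)."""

# Constructed sample files: every name, path and id below is made up for the example.
SAMPLE_INETD = "ftp stream tcp nowait root /usr/local/libexec/ftpd ftpd -l\n"
SAMPLE_FTPACCESS = "class all real,guest,anonymous *\nguestgroup webusers\n"
SAMPLE_GROUP = "staff:*:20:\nwebusers:*:2000:alice\n"
SAMPLE_PASSWD = (
    "alice:*:1001:1001:Alice:/users/home/./alice:/bin/sh\n"
    "bob:*:1002:2000:Bob:/users/home/bob:/bin/sh\n"
    "carol:*:1003:20:Carol:/users/home/./carol:/bin/sh\n"
)


def _fields(line):
    """Whitespace-split one config line with any # comment removed."""
    return line.split("#", 1)[0].split()


def ftpd_reads_ftpaccess(inetd_conf):
    """True if the enabled ftp line in inetd.conf passes -a to ftpd."""
    for line in inetd_conf.splitlines():
        f = _fields(line)
        # service, socket type, protocol, wait, user, program, argv[0], args...
        if len(f) >= 7 and f[0] == "ftp":
            return "-a" in f[7:]
    return False


def guest_groups(ftpaccess):
    """Group names listed on guestgroup lines of ftpaccess."""
    names = set()
    for line in ftpaccess.splitlines():
        f = _fields(line)
        if f and f[0] == "guestgroup":
            names.update(f[1:])
    return names


def parse_groups(group_file):
    """Map group name -> (gid, listed members) from group file text."""
    groups = {}
    for line in group_file.splitlines():
        p = line.strip().split(":")
        if len(p) == 4 and not p[0].startswith("#"):
            groups[p[0]] = (p[2], {m for m in p[3].split(",") if m})
    return groups


def audit(inetd_conf, ftpaccess, group_file, passwd_file):
    """Return (findings, jails); jails maps each guest with a /./ home to its chroot root."""
    findings, jails = [], {}
    if not ftpd_reads_ftpaccess(inetd_conf):
        findings.append("inetd.conf: ftpd is started without -a, so ftpaccess is not read")
    wanted = guest_groups(ftpaccess)
    groups = parse_groups(group_file)
    if not wanted:
        findings.append("ftpaccess: no guestgroup line")
    for name in sorted(wanted - set(groups)):
        findings.append("ftpaccess: guestgroup %s is missing from the group file" % name)
    for line in passwd_file.splitlines():
        p = line.strip().split(":")
        if len(p) != 7 or p[0].startswith("#"):
            continue
        user, gid, home = p[0], p[3], p[5]
        # Membership counts through the primary gid or the group's member list.
        is_guest = any(
            g in groups and (groups[g][0] == gid or user in groups[g][1]) for g in wanted
        )
        root, marker, _start = home.partition("/./")
        if is_guest and not marker:
            findings.append("passwd: %s is a guest but home %s has no /./" % (user, home))
        elif marker and not is_guest:
            findings.append("passwd: %s has a /./ home but is in no guestgroup" % user)
        elif is_guest:
            jails[user] = root
    return findings, jails


if __name__ == "__main__":
    found, jailed = audit(SAMPLE_INETD, SAMPLE_FTPACCESS, SAMPLE_GROUP, SAMPLE_PASSWD)
    print("\n".join(found))
    print(jailed)
```

A daemon built with use_accessfile = 1, as in Paulo Fragoso's message, reads ftpaccess without -a, so the first finding does not apply to such a build.
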
From owner-freebsd-security Thu Jul 24 05:28:35 1997
Message-ID: <33D74A2B.7581@utimaco.co.at>
Date: Thu, 24 Jul 1997 14:27:23 +0200
From: "DI. Christian Gusenbauer"
Reply-To: Christian.Gusenbauer@utimaco.co.at
Organization: Utimaco Safe-Concept
To: freebsd-security@freebsd.org
Subject: NATD and skip packets

Hi!

We've the following problem: we want to send SKIP packets to our
partners somewhere in the world. We are using private internet
addresses in our LAN and would let our FreeBSD firewall translate
those addresses to public ones. Unfortunately, natd supports only
TCP, UDP and ICMP packets but we need SKIP.

My question is: is anyone working on this (supporting SKIP) or do
you know any (other) solution for this problem?

Many thanks,
Christian.
--
Christian Gusenbauer                    UTIMACO Safe Concept
Christian.Gusenbauer@utimaco.co.at      A-4020 Linz, AUSTRIA

From owner-freebsd-security Thu Jul 24 08:27:24 1997
Date: Thu, 24 Jul 1997 11:27:01 -0400 (EDT)
From: "Matthew N. Dodd"
To: "DI. Christian Gusenbauer"
cc: freebsd-security@FreeBSD.ORG
Subject: Re: NATD and skip packets
In-Reply-To: <33D74A2B.7581@utimaco.co.at>

On Thu, 24 Jul 1997, DI. Christian Gusenbauer wrote:

> We've the following problem: we want to send SKIP packets to our
> partners somewhere in the world. We are using private internet
> addresses in our LAN and would let our FreeBSD firewall translate
> those addresses to public ones. Unfortunately, natd supports only
> TCP, UDP and ICMP packets but we need SKIP.
>
> My question is: is anyone working on this (supporting SKIP) or do
> you know any (other) solution for this problem?

http://skip.incog.com/

/* Matthew N. Dodd              | A memory retaining a love you had for life
   winter@jurai.net             | As cruel as it seems nothing ever seems to
   http://www.jurai.net/~winter | go right - FLA M 3.1:53                    */

From owner-freebsd-security Thu Jul 24 10:26:46 1997
Date: Thu, 24 Jul 1997 19:25:22 +0200 (CEST)
Message-Id: <199707241725.TAA01132@bitbox.follo.net>
From: Eivind Eklund
To: Christian.Gusenbauer@utimaco.co.at
CC: freebsd-security@FreeBSD.ORG
In-reply-to: "DI. Christian Gusenbauer"'s message of Thu, 24 Jul 1997 14:27:23 +0200
Subject: Re: NATD and skip packets
References: <33D74A2B.7581@utimaco.co.at>

>
> Hi!
>
> We've the following problem: we want to send SKIP packets to our
> partners somewhere in the world. We are using private internet
> addresses in our LAN and would let our FreeBSD firewall translate
> those addresses to public ones. Unfortunately, natd supports only
> TCP, UDP and ICMP packets but we need SKIP.
>
> My question is: is anyone working on this (supporting SKIP) or do
> you know any (other) solution for this problem?

What are SKIP-packets?

Relevant persons for this are

Archie Cobbs - added divert to ipfw originally (if I remember correctly -
               it may have been Julian too)
Ari Suutari - original natd author
Charles Mott - wrote the packet-aliasing engine (probably most relevant)
Brian Somers - brought natd into FreeBSD and is maintaining that and
               libalias.
and Yours Truly, who've done some reorganisation of the aliasing code and
did the IRC DCC-support (minor stuff, both of those), and thus should be
able to solve the problem.

Unfortunately, I haven't got a clue what a SKIP-packet is, and I haven't
been able to find the term in either Stevens, Halsall, or what RFC I
thought would be relevant. Any references to what these packets actually
are?

Eivind.

From owner-freebsd-security Thu Jul 24 11:24:23 1997
Message-Id: <199707241824.LAA16537@hub.freebsd.org>
From: Darren Reed
Subject: Re: NATD and skip packet
To: Christian.Gusenbauer@utimaco.co.at
Date: Fri, 25 Jul 1997 04:12:13 +1000 (EST)
Cc: freebsd-security@FreeBSD.ORG
In-Reply-To: <33D74A2B.7581@utimaco.co.at> from "DI. Christian Gusenbauer" at Jul 24, 97 02:27:23 pm

In some mail from DI. Christian Gusenbauer, sie said:
>
> Hi!
>
> We've the following problem: we want to send SKIP packets to our
> partners somewhere in the world. We are using private internet
> addresses in our LAN and would let our FreeBSD firewall translate
> those addresses to public ones. Unfortunately, natd supports only
> TCP, UDP and ICMP packets but we need SKIP.
>
> My question is: is anyone working on this (supporting SKIP) or do
> you know any (other) solution for this problem?

ENskip was ported to NetBSD, but that is sufficiently old to not be useful
for you.
You might have more luck using either Photuris or ISAKMP - other IPsec
implementations which do the same sort of thing as SKIP.

Darren

From owner-freebsd-security Thu Jul 24 13:06:03 1997
To: Eivind Eklund
cc: Christian.Gusenbauer@utimaco.co.at, freebsd-security@FreeBSD.ORG
From: "Gary Palmer"
Subject: Re: NATD and skip packets
In-reply-to: Your message of "Thu, 24 Jul 1997 19:25:22 +0200." <199707241725.TAA01132@bitbox.follo.net>
Date: Thu, 24 Jul 1997 16:05:53 -0400
Message-ID: <18271.869774753@orion.webspan.net>

Eivind Eklund wrote in message ID
<199707241725.TAA01132@bitbox.follo.net>:
> What are SKIP-packets?

See Matt Dodd's earlier reply. SKIP is a crypto-tunnel system, and
part of Sun's SunScreen product. Publicly available (already ported
to FreeBSD 2.1.x) at http://skip.incog.com/

Gary
--
Gary Palmer                                          FreeBSD Core Team Member
FreeBSD: Turning PC's into workstations.
See http://www.FreeBSD.ORG/ for info

From owner-freebsd-security Thu Jul 24 13:54:54 1997
Date: Thu, 24 Jul 1997 16:45:00 -0400 (EDT)
From: "David C. Dunbar"
To: security@freebsd.org
Subject: unsubscribe security

unsubscribe security

From owner-freebsd-security Thu Jul 24 23:48:22 1997
Message-ID: <33D84BF5.4099@utimaco.co.at>
Date: Fri, 25 Jul 1997 08:47:17 +0200
From: Christian Gusenbauer
Reply-To: Christian.Gusenbauer@utimaco.co.at
Organization: Utimaco Safe-Concept
To: freebsd-security@FreeBSD.ORG
Subject: Re: NATD and skip packets
References: <18271.869774753@orion.webspan.net>

Gary Palmer wrote:
>
> Eivind Eklund wrote in message ID
> <199707241725.TAA01132@bitbox.follo.net>:
> > What are SKIP-packets?
>
> See Matt Dodd's earlier reply. SKIP is a crypto-tunnel system, and
> part of Sun's SunScreen product. Publicly available (already ported
> to FreeBSD 2.1.x) at http://skip.incog.com/
>
> Gary
> --
> Gary Palmer                                          FreeBSD Core Team Member
> FreeBSD: Turning PC's into workstations. See http://www.FreeBSD.ORG/ for info

Hi!

Thanks for your answers, but I think I have to clarify: we are here in
Austria (Europe) and do have some NT and Sun Workstations with Skip
software. We are using private addresses within our local network. Now, we
want to communicate with other workstations on other networks. This will
only work, when our FreeBSD firewall does the network address translation.
But unfortunately, NATD doesn't understand the SKIP packets and therefore
the address translation fails. Now, my question is: what do I have to do to
get this running?

Many thanks,
Christian.

--
Christian Gusenbauer                    UTIMACO Safe Concept
Christian.Gusenbauer@utimaco.co.at      A-4020 Linz, AUSTRIA

From owner-freebsd-security Fri Jul 25 04:23:27 1997
Date: Fri, 25 Jul 1997 07:23:18 -0400 (EDT)
From: "Matthew N. Dodd"
To: Christian Gusenbauer
cc: freebsd-security@FreeBSD.ORG
Subject: Re: NATD and skip packets
In-Reply-To: <33D84BF5.4099@utimaco.co.at>

On Fri, 25 Jul 1997, Christian Gusenbauer wrote:

> Thanks for your answers, but I think I have to clarify: we are here in
> Austria (Europe) and do have some NT and Sun Workstations with Skip
> software. We are using private addresses within our local network. Now, we
> want to communicate with other workstations on other networks. This will
> only work, when our FreeBSD firewall does the network address translation.
> But unfortunately, NATD doesn't understand the SKIP packets and therefore
> the address translation fails. Now, my question is: what do I have to do to
> get this running?

Create a tunnel?

/* Matthew N. Dodd              | A memory retaining a love you had for life
   winter@jurai.net             | As cruel as it seems nothing ever seems to
   http://www.jurai.net/~winter | go right - FLA M 3.1:53                    */

From owner-freebsd-security Fri Jul 25 06:07:45 1997
Message-ID: <19970725090712.54298@irbs.com>
Date: Fri, 25 Jul 1997 09:07:12 -0400
From: John Capo
To: Christian.Gusenbauer@utimaco.co.at
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: NATD and skip packets
References: <18271.869774753@orion.webspan.net> <33D84BF5.4099@utimaco.co.at>
In-Reply-To: <33D84BF5.4099@utimaco.co.at>; from Christian Gusenbauer on Fri, Jul 25, 1997 at 08:47:17AM +0200

You need to use the tunnel capabilities in SKIP. I am connecting two
RFC1918 networks via two FreeBSD 2.1.7 firewalls running SKIP right now and
I am installing a third RFC1918 network today.

    skiphost -i tun0 -a 192.168.1.0 -M 255.255.255.0 -A tunnel_endpoint_address

Plus the other encryption, secrets, etc, arguments to skiphost.

IP forwarding is enabled on the firewalls but forwarding is limited with
ipfw filters. The border routers also block all access to the internal
RFC1918 networks.

The skiphost command above says to send all packets for 192.168.1.0/24 to
the tunnel_endpoint_address. The sending SKIP encrypts the packet, attaches
a SKIP header to it, and then attaches an IP header with the
tunnel_endpoint_address as the destination.

The receiving SKIP authenticates, decrypts, and passes the packet addressed
to 192.9.168.X to the IP layer. IP happily routes the packet to the proper
interface for the 192.9.168.0/24 network, in my case an Ethernet.

SKIP has what I consider a bug in that it sends packets through the tunnel
with the original RFC1918 source address in the IP header. I changed that
to use the interface address the packet is being sent from for the source
address.

Does anyone have Sun SKIP working on 2.2?

John Capo
IRBS Engineering

From owner-freebsd-security Sat Jul 26 19:24:50 1997
To: John Capo
cc: Christian.Gusenbauer@utimaco.co.at, freebsd-security@FreeBSD.ORG
From: "Gary Palmer"
Subject: Re: NATD and skip packets
In-reply-to: Your message of "Fri, 25 Jul 1997 09:07:12 EDT." <19970725090712.54298@irbs.com>
Date: Sat, 26 Jul 1997 22:24:43 -0400
Message-ID: <12130.869970283@orion.webspan.net>

John Capo wrote in message ID
<19970725090712.54298@irbs.com>:
> Does anyone have Sun SKIP working on 2.2?

I have it compiling, but don't have a test environment.

Gary
--
Gary Palmer                                          FreeBSD Core Team Member
FreeBSD: Turning PC's into workstations. See http://www.FreeBSD.ORG/ for info
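
John Capo's description of the tunnel packet (an outer IP header addressed to the tunnel endpoint, carrying the original RFC1918 source unless it is changed to the interface address) and Christian's natd limitation can be checked on the outer header alone. This is an added example, not code from SKIP, natd or the thread; the addresses are constructed, the SKIP header and ciphertext are an opaque placeholder, and the natd protocol list is the one stated in the thread.

```python
"""Egress check on the outer IP header of a SKIP tunnel packet (added example)."""
import ipaddress
import struct

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
NATD_PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}  # what the thread says natd translates
IPPROTO_SKIP = 57  # IANA protocol number assigned to SKIP


def checksum(header):
    """RFC 1071 one's-complement checksum over a header of even length."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4_packet(src, dst, proto, payload):
    """Build a minimal IPv4 packet (no options, TTL 64) with a valid header checksum."""
    head = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return head[:10] + struct.pack("!H", checksum(head)) + head[12:] + payload


def parse_ipv4(packet):
    """Return the fields of the outermost IPv4 header, rejecting truncated input."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad header length")
    return {
        "proto": packet[9],
        "src": ipaddress.IPv4Address(packet[12:16]),
        "dst": ipaddress.IPv4Address(packet[16:20]),
        "checksum_ok": checksum(packet[:ihl]) == 0,  # a valid header sums to zero
        "payload": packet[ihl:],
    }


def is_rfc1918(addr):
    """True for 10/8, 172.16/12 and 192.168/16 only."""
    return any(addr in net for net in RFC1918)


def skip_tunnel(inner, outer_src, endpoint):
    """Outer packet for the tunnel; zero bytes stand in for SKIP header plus ciphertext."""
    opaque = bytes(len(inner))  # placeholder, the real SKIP format is not reproduced
    return ipv4_packet(outer_src, endpoint, IPPROTO_SKIP, opaque)


def egress_verdict(packet):
    """What the outside interface of the firewall should conclude about one packet."""
    h = parse_ipv4(packet)
    if not h["checksum_ok"]:
        return "drop: bad header checksum"
    if not is_rfc1918(h["src"]):
        return "ok: public source, no translation needed"
    if h["proto"] in NATD_PROTOCOLS:
        return "ok: natd can translate " + NATD_PROTOCOLS[h["proto"]]
    return "leak: RFC1918 source on protocol %d, natd cannot translate it" % h["proto"]


# Constructed traffic: documentation addresses stand in for the public side.
FIREWALL, ENDPOINT = "198.51.100.7", "203.0.113.1"
INNER = ipv4_packet("192.168.2.10", "192.168.1.20", 6, b"constructed payload")
AS_DESCRIBED = skip_tunnel(INNER, "192.168.2.10", ENDPOINT)  # original source kept
AS_CHANGED = skip_tunnel(INNER, FIREWALL, ENDPOINT)          # interface address used

if __name__ == "__main__":
    for name, pkt in (("inner", INNER), ("as described", AS_DESCRIBED),
                      ("as changed", AS_CHANGED)):
        print("%-13s %s" % (name, egress_verdict(pkt)))
```
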