From owner-freebsd-stable Sat Mar 3 22:24: 7 2001
Delivered-To: freebsd-stable@freebsd.org
Received: from pit.databus.com (p101-45.acedsl.com [160.79.101.45]) by hub.freebsd.org (Postfix) with ESMTP id 5451037B718 for ; Sat, 3 Mar 2001 22:24:05 -0800 (PST) (envelope-from barney@pit.databus.com)
Received: (from barney@localhost) by pit.databus.com (8.11.1/8.11.1) id f246NcU53062; Sun, 4 Mar 2001 01:23:38 -0500 (EST) (envelope-from barney)
Date: Sun, 4 Mar 2001 01:23:38 -0500
From: Barney Wolff
To: Don Lewis
Cc: Chris Johnson , stable@FreeBSD.ORG
Subject: Re: Did ipfw fwd just break?
Message-ID: <20010304012338.A52971@pit.databus.com>
References: <20010303203733.A49750@palomine.net> <200103040211.SAA24825@salsa.gv.tsc.tdk.com> <20010303211958.A50525@palomine.net> <200103040230.SAA25152@salsa.gv.tsc.tdk.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <200103040230.SAA25152@salsa.gv.tsc.tdk.com>; from Don.Lewis@tsc.tdk.com on Sat, Mar 03, 2001 at 06:30:18PM -0800
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

I question whether this complexity is necessary. The effect of the
transparent proxying could just as well have been achieved by translating
to an alias address that is assigned to the interface, rather than to
localhost, right? Simpler is better, in the kernel.

Barney Wolff

On Sat, Mar 03, 2001 at 06:30:18PM -0800, Don Lewis wrote:
> On Mar 3, 9:19pm, Chris Johnson wrote:
> } Subject: Re: Did ipfw fwd just break?
> }
> } Now, is it possible to protect myself from whatever evil check_interface is
> } supposed to protect me from, while still doing my transparent proxying? Or do I
> } have to choose one or the other?
>
> Try this patch. You might still have to disable check_interface if
> your host is multi-homed and net.inet.ip.forwarding is 0, but even
> so, you should be better protected than with the older code.
>
> Your bug report pointed out a problem in the code, which I believe
> I have corrected in this patch. You can be the first to try it ;-)