Date: Fri, 31 Mar 2000 16:20:38 +0200 (MET DST) From: Martin Machacek <mm@i.cz> To: freebsd-net@FreeBSD.ORG Subject: Re: Security of NAT "firewall" vs. packet filtering firewall. Message-ID: <XFMail.000331162038.mm@i.cz> In-Reply-To: <200003311406.PAA02684@hak.lan.Awfulhak.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 31-Mar-00 Brian Somers wrote:
> In fact, there's a bug in libalias. Packets destined to anything
> that's not redirected (with PacketAliasRedirectAddr() or implicitly)
> should be redirected to the alias address according to the
> documentation.
>
> This is now reality (as of about a minute ago).
There is possibly another bug in natd/libalias. Incoming ICMP packets are
being translated and forwarded if there is some "redirect address" configured
even if "deny-incoming" is specified. TCP/UDP packets are denied correctly. I
haven't had enough time to inspect this possible problem more thoroughly so I
haven't produced any PR yet. Maybe somebody else has more time ... :-)
Martin
---
[PGP KeyID F3F409C4]
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?XFMail.000331162038.mm>