From owner-freebsd-security Wed Aug 25 0:10: 6 1999 Delivered-To: freebsd-security@freebsd.org Received: from mta2-rme.xtra.co.nz (mta2-rme.xtra.co.nz [203.96.92.3]) by hub.freebsd.org (Postfix) with ESMTP id DE287160F8 for ; Wed, 25 Aug 1999 00:09:44 -0700 (PDT) (envelope-from sdynamic@xtra.co.nz) Received: from sdk6 ([210.55.151.189]) by mta2-rme.xtra.co.nz (InterMail v4.01.01.00 201-229-111) with SMTP id <19990825065946.ZSGM2478302.mta2-rme@sdk6>; Wed, 25 Aug 1999 18:59:46 +1200 Message-ID: <007501beeec6$e3de13f0$061ea8c0@sdk6.sd.co.nz> From: "Michael Williams" To: , Cc: Subject: IPBind patch for fwtk on freeBSD 3.2 Date: Wed, 25 Aug 1999 18:55:59 +1200 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 4.72.3110.5 X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3110.3 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Has anyone used the really cool fwtk IPBind patch for daemon mode plug-gw proxies with success on any of the freeBSD OS version's?. I have found it to work exactly as expected under RedHat Linux 6.0 as per the syslog entries at the end of this mail. The documentation clearly states, This patch has been tested and verified on the following systems: Solaris 2.5.1 (sparc) Solaris 2.5 (x86) So I am not expecting to much as it does work on my test RedHat server just not on the freeBSD 3.2 server which happens to be the gateway I want to use this on (: However looking through the source code I can see that under freeBSD it makes it through the create socket call, then the setsockopt call OK but fails on the Bind seeming to not like the address. I am not sure how to figure out if the problem is an access rights issue or perhaps an address:port format issue. A point worth noting is that when configured to bind the port only, then the bind is fine and in fact the proxy works as expected and when run in daemon mode sets up a listener on *.port for all interfaces. I do have an IPFW rulebase loaded on the freeBSD server which does not seem to interfere as the plug-gw behaves fine as bind to port only. Looking through my 4.4BSD books I can see that the bind call is quite happy to bind the address of 0/ and decide on the fly the correct interface and this made me wonder if it wanted to bind to an interface address rather than an IP address?. I am starting the proxy with the following, /usr/local/etc/plug-gw -daemon 192.168.30.3:80 -name plug-http Here are the syslog entries from both servers. Hope they come through legible. redhat 6 linux 2.2.15-22 kernel. Aug 23 18:26:17 xmailgate plug-gw[615]: Starting daemon mode on ip 192.168.30.3(192.168.30.3), port 80 . . Aug 25 05:10:54 xmailgate plug-gw[1139]: HERE!!! av[0] = 80 Aug 25 05:10:54 xmailgate last message repeated 3 times Aug 25 05:10:54 xmailgate plug-gw[1139]: YO!!! localip = 192.168.30.3 Aug 25 05:10:54 xmailgate plug-gw[1139]: connect host=sdakx0.xx.xx/192.168.30.10 destination=10.0.30.4/8080 freebsd 3.2 kernel Aug 24 06:13:19 sd172-lx52 plug-gw[1810]: Starting daemon mode on ip 172.16.30.4 (172.16.30.4), port 81 Aug 24 06:13:19 sd172-lx52 plug-gw[1810]: Failed to bind port 81, Can't assign requested address Any helpfull comment would be appreciated. Thanks, Mike. Michael Williams Software Dynamics mailto:sdynamic@xtra.co.nz http://www.voyager.co.nz/~michaelw cell ph: 025 995 914 ph: +64 9 2744876 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message