Date:      Wed, 25 Aug 1999 18:55:59 +1200
From:      "Michael Williams" <sdynamic@xtra.co.nz>
To:        <freebsd-security@freebsd.org>, <fwtk-users@lists.nai.com>
Cc:        <whamlin@connetsys.com>
Subject:   IPBind patch for fwtk on freeBSD 3.2
Message-ID:  <007501beeec6$e3de13f0$061ea8c0@sdk6.sd.co.nz>

Has anyone used the really cool fwtk IPBind patch for daemon mode plug-gw
proxies with success on any of the FreeBSD OS versions?

I have found it to work exactly as expected under RedHat Linux 6.0 as per
the syslog entries at the end of this mail.

The documentation clearly states,
This patch has been tested and verified on the following systems:

        Solaris 2.5.1 (sparc)
        Solaris 2.5 (x86)

So I am not expecting too much, as it does work on my test RedHat server, just
not on the FreeBSD 3.2 server which happens to be the gateway I want to use
this on (:

However, looking through the source code I can see that under FreeBSD it
makes it through the create socket call, then the setsockopt call OK, but
fails on the bind, seeming to not like the address.
I am not sure how to figure out if the problem is an access rights issue or
perhaps an address:port format issue.

A point worth noting is that when configured to bind the port only, then
the bind is fine and in fact the proxy works as expected and when run in
daemon mode sets up a listener on *.port for all interfaces.

I do have an IPFW rulebase loaded on the FreeBSD server which does not seem
to interfere, as the plug-gw behaves fine as bind to port only.

Looking through my 4.4BSD books I can see that the bind call is quite happy
to bind the address of 0/ and decide on the fly the correct interface and
this made me wonder if it wanted to bind to an interface address rather than
an IP address?

I am starting the proxy with the following,
/usr/local/etc/plug-gw -daemon 192.168.30.3:80 -name plug-http

Here are the syslog entries from both servers.
Hope they come through legible.

redhat 6 linux 2.2.15-22 kernel.
Aug 23 18:26:17 xmailgate plug-gw[615]: Starting daemon mode on ip
192.168.30.3(192.168.30.3), port 80
.
.
Aug 25 05:10:54 xmailgate plug-gw[1139]: HERE!!! av[0] = 80
Aug 25 05:10:54 xmailgate last message repeated 3 times
Aug 25 05:10:54 xmailgate plug-gw[1139]: YO!!! localip = 192.168.30.3
Aug 25 05:10:54 xmailgate plug-gw[1139]: connect
host=sdakx0.xx.xx/192.168.30.10 destination=10.0.30.4/8080


freebsd 3.2 kernel
Aug 24 06:13:19 sd172-lx52 plug-gw[1810]: Starting daemon mode on ip
172.16.30.4
(172.16.30.4), port 81
Aug 24 06:13:19 sd172-lx52 plug-gw[1810]: Failed to bind port 81, Can't
assign requested address

Any helpful comment would be appreciated.
Thanks,
Mike.

Michael Williams
Software Dynamics
mailto:sdynamic@xtra.co.nz
http://www.voyager.co.nz/~michaelw
cell ph: 025 995 914
ph: +64 9 2744876
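
Added example (not part of the original e-mail, and not fwtk or IPBind patch code): the socket / setsockopt / bind sequence described above, with the bind failure classified by errno so that an access-rights problem, an address-format problem and an address that is not configured locally can be told apart. The helper names try_bind and explain_bind are hypothetical, and the sample addresses in main are constructed.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper: try to bind a TCP listener to ip:port.
 * Returns 0 on success, -1 if ip is not a dotted-quad IPv4 literal,
 * otherwise the errno of the call that failed. */
int try_bind(const char *ip, unsigned short port)
{
    struct sockaddr_in sin;
    int fd, on = 1, err = 0;

    memset(&sin, 0, sizeof(sin));  /* no stale bytes in sin_zero (or sin_len on BSD) */
    sin.sin_family = AF_INET;
    sin.sin_port = htons(port);
    if (inet_pton(AF_INET, ip, &sin.sin_addr) != 1)
        return -1;                 /* address format problem, bind never attempted */

    if ((fd = socket(AF_INET, SOCK_STREAM, 0)) < 0)
        return errno;
    if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)) < 0 ||
        bind(fd, (struct sockaddr *)&sin, sizeof(sin)) < 0)
        err = errno;               /* save before close() can overwrite it */
    close(fd);
    return err;
}

/* Map the result onto the question in the message: rights, format or address? */
const char *explain_bind(int rc)
{
    switch (rc) {
    case 0:             return "ok";
    case -1:            return "format: not a valid IPv4 literal";
    case EACCES:        return "rights: privileged port needs root";
    case EADDRNOTAVAIL: return "address: not configured on a local interface";
    case EADDRINUSE:    return "conflict: another listener holds this address:port";
    default:            return strerror(rc);
    }
}

int main(void)
{
    /* Constructed inputs: wildcard, a TEST-NET-1 documentation address, a bad literal. */
    const char *ips[] = { "0.0.0.0", "192.0.2.1", "192.168.30.3:80" };
    for (int i = 0; i < 3; i++)
        printf("%-16s -> %s\n", ips[i], explain_bind(try_bind(ips[i], 0)));
    return 0;
}
```

"Can't assign requested address" in the FreeBSD syslog line is the strerror text for EADDRNOTAVAIL; a rights problem on a low port would instead be reported as EACCES ("Permission denied").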


