Date: Thu, 26 Aug 1999 08:46:36 +1200
From: "Michael Williams" <sdynamic@xtra.co.nz>
To: "William L. Hamlin" <whamlin@connetsys.com>
Cc: <freebsd-security@freebsd.org>, <fwtk-users@lists.nai.com>
Subject: Re: IPBind patch for fwtk on freeBSD 3.2
Message-ID: <004a01beef3a$ed56c160$061ea8c0@sdk6.sd.co.nz>

Bill,

Thanks for your quick response. Sorry for my slow reply.. NZ time is way
different.

If socket programming is bordering off correct topic for freebsd-security
perhaps one of the FreeBSD team could let me know in which case we could
post the resolution only to freebsd-security :)

>
>Which version of IPBind are you using? If you are using anything older
>than 1.2, get the newest one - that will probably be your problem. There
>are known issues with earlier versions attempting to bind specific IP
>addresses on some systems.
>

Oops, silly of me to include the version of everything but the IPBind code.
Version 1.2 already (:

>
>My next suggestion would be to verify that the IP address you are
>specifying (172.16.30.4) is indeed the one that you want to use and that
>it is correctly configured on the local machine. I know this sounds
>basic, but most of the problem e-mails I get regarding the patch end up
>being this very problem. A good sign of a computer nut is that his eyes
>are almost completely blurry from working all night...
>

Good suggestion just the same, I can bind the plug-gw by port only and
connect via the IP address in question. First I started with an alias IP &
then moved on to using the base adapter IP which I know works.

An interesting direct reply I had suggested that FreeBSD requires the entire
sockaddr_in structure to be bzero'ed before assigning the address.

In the meantime I have found the Socket-address template structure and a
sample diagram for the Internet-domain socket name (Design & Implementation
4.4 BSD) showing the layout as follows:

    sa_len, sa_family, sa_data
    1-byte, 1-byte,    variable-length

Which in this case should be:

    sin_len,AF_INET,sin_port,sin_addr,sin_zero

My 'c' code is very rusty but I will follow this up.

I use FreeBSD on a number of production servers in various secure roles and
find it to be the most interesting, fun and stable OS of any I have ever
used :)

Mike.

Michael Williams
Software Dynamics
mailto:sdynamic@xtra.co.nz
http://www.voyager.co.nz/~michaelw
cell ph: 025 995 914
ph: +64 9 2744876

>>
>> Has anyone used the really cool fwtk IPBind patch for daemon mode plug-gw
>> proxies with success on any of the FreeBSD OS versions?
>>
>> I have found it to work exactly as expected under RedHat Linux 6.0 as per
>> the syslog entries at the end of this mail.
>>
>> The documentation clearly states,
>> This patch has been tested and verified on the following systems:
>>
>> Solaris 2.5.1 (sparc)
>> Solaris 2.5 (x86)
>>
>> So I am not expecting too much as it does work on my test RedHat server just
>> not on the FreeBSD 3.2 server which happens to be the gateway I want to use
>> this on (:
>>
>> However looking through the source code I can see that under FreeBSD it
>> makes it through the create socket call, then the setsockopt call OK but
>> fails on the Bind seeming to not like the address.
>> I am not sure how to figure out if the problem is an access rights issue or
>> perhaps an address:port format issue.
>>
>> A point worth noting is that when configured to bind the port only, then
>> the bind is fine and in fact the proxy works as expected and when run in
>> daemon mode sets up a listener on *.port for all interfaces.
>>
>> I do have an IPFW rulebase loaded on the FreeBSD server which does not seem
>> to interfere as the plug-gw behaves fine as bind to port only.
>>
>> Looking through my 4.4BSD books I can see that the bind call is quite happy
>> to bind the address of 0/ and decide on the fly the correct interface and
>> this made me wonder if it wanted to bind to an interface address rather than
>> an IP address?
>>
>> I am starting the proxy with the following,
>> /usr/local/etc/plug-gw -daemon 192.168.30.3:80 -name plug-http
>>
>> Here are the syslog entries from both servers.
>> Hope they come through legible.
>>
>> redhat 6 linux 2.2.15-22 kernel.
>> Aug 23 18:26:17 xmailgate plug-gw[615]: Starting daemon mode on ip
>> 192.168.30.3(192.168.30.3), port 80
>> .
>> .
>> Aug 25 05:10:54 xmailgate plug-gw[1139]: HERE!!! av[0] = 80
>> Aug 25 05:10:54 xmailgate last message repeated 3 times
>> Aug 25 05:10:54 xmailgate plug-gw[1139]: YO!!! localip = 192.168.30.3
>> Aug 25 05:10:54 xmailgate plug-gw[1139]: connect
>> host=sdakx0.xx.xx/192.168.30.10 destination=10.0.30.4/8080
>>
>>
>> freebsd 3.2 kernel
>> Aug 24 06:13:19 sd172-lx52 plug-gw[1810]: Starting daemon mode on ip
>> 172.16.30.4
>> (172.16.30.4), port 81
>> Aug 24 06:13:19 sd172-lx52 plug-gw[1810]: Failed to bind port 81, Can't
>> assign requested address
>>
>> Any helpful comment would be appreciated.
>> Thanks,
>> Mike.
>>
>> Michael Williams
>> Software Dynamics
>> mailto:sdynamic@xtra.co.nz
>> http://www.voyager.co.nz/~michaelw
>> cell ph: 025 995 914
>> ph: +64 9 2744876
>>
>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
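
The socket-name layout discussed in the message above (a zeroed sockaddr_in carrying sin_len, AF_INET, sin_port, sin_addr, sin_zero), as an added example that is not part of the original e-mail, the IPBind patch or fwtk. It returns the bind errno so that an address failure (EADDRNOTAVAIL, "Can't assign requested address") can be told apart from an access-rights failure; `fill_addr` and `bind_to_ip` are hypothetical names.

```c
/* Added example; fill_addr and bind_to_ip are hypothetical, not IPBind code. */
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Build an Internet-domain socket name; 0 on success, -EINVAL for a bad IP. */
int fill_addr(struct sockaddr_in *sin, const char *ip, unsigned short port)
{
    memset(sin, 0, sizeof(*sin));  /* clears sin_zero and stack garbage */
#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) || defined(__APPLE__)
    sin->sin_len = sizeof(*sin);   /* 4.4BSD length byte; absent on Linux */
#endif
    sin->sin_family = AF_INET;
    sin->sin_port = htons(port);   /* network byte order */
    return inet_pton(AF_INET, ip, &sin->sin_addr) == 1 ? 0 : -EINVAL;
}

/* Bind a TCP socket to one local address; returns the fd or -errno. */
int bind_to_ip(const char *ip, unsigned short port)
{
    struct sockaddr_in sin;
    int fd, on = 1, rc = fill_addr(&sin, ip, port);

    if (rc < 0)
        return rc;
    if ((fd = socket(AF_INET, SOCK_STREAM, 0)) < 0)
        return -errno;
    if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)) < 0 ||
        bind(fd, (struct sockaddr *)&sin, sizeof(sin)) < 0) {
        rc = -errno;               /* EADDRNOTAVAIL if the IP is not local */
        close(fd);
        return rc;
    }
    return fd;
}

int main(void)
{
    /* 192.0.2.1 is a documentation address, used as constructed input. */
    int fd = bind_to_ip("192.0.2.1", 8081);
    printf("bind: %s\n", fd < 0 ? strerror(-fd) : "ok");
    if (fd >= 0)
        close(fd);
    return 0;
}
```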