From owner-freebsd-security Wed Aug 25 13:48:32 1999
Message-ID: <004a01beef3a$ed56c160$061ea8c0@sdk6.sd.co.nz>
From: "Michael Williams"
To: "William L. Hamlin"
Cc: ,
Subject: Re: IPBind patch for fwtk on freeBSD 3.2
Date: Thu, 26 Aug 1999 08:46:36 +1200
Sender: owner-freebsd-security@FreeBSD.ORG

Bill,

Thanks for your quick response.
Sorry for my slow reply.. NZ time is way different.

If socket programming is bordering off correct topic for freebsd-security
perhaps one of the FreeBSD team could let me know, in which case we could
post the resolution only to freebsd-security :)

>
>Which version of IPBind are you using? If you are using anything older
>than 1.2, get the newest one - that will probably be your problem. There
>are known issues with earlier versions attempting to bind specific IP
>addresses on some systems.
>

Oops, silly of me to include the version of everything but the IPBind code.
Version 1.2 already (:

>
>My next suggestion would be to verify that the IP address you are
>specifying (172.16.30.4) is indeed the one that you want to use and that
>it is correctly configured on the local machine. I know this sounds
>basic, but most of the problem e-mails I get regarding the patch end up
>being this very problem.
>A good sign of a computer nut is that his eyes
>are almost completely blurry from working all night...
>

Good suggestion just the same, I can bind the plug-gw by port only and
connect via the IP address in question.
First I started with an alias IP & then moved on to using the base adapter
IP which I know works.

An interesting direct reply I had suggested that FreeBSD requires the entire
sockaddr_in structure to be bzero'ed before assigning the address.

In the meantime I have found the Socket-address template structure and a
sample diagram for the Internet-domain socket name ( Design & Implementation
4.4 BSD ) showing the layout as follows:

    sa_len,  sa_family,  sa_data
    1-byte,  1-byte,     variable-length

Which in this case should be:

    sin_len,AF_INET,sin_port,sin_addr,sin_zero

My 'C' code is very rusty but I will follow this up.

I use FreeBSD on a number of production servers in various secure roles and
find it to be the most interesting, fun and stable OS of any I have ever
used :)

Mike.

Michael Williams
Software Dynamics
mailto:sdynamic@xtra.co.nz
http://www.voyager.co.nz/~michaelw
cell ph: 025 995 914
ph: +64 9 2744876

>>
>> Has anyone used the really cool fwtk IPBind patch for daemon mode plug-gw
>> proxies with success on any of the FreeBSD OS versions?
>>
>> I have found it to work exactly as expected under RedHat Linux 6.0 as per
>> the syslog entries at the end of this mail.
>>
>> The documentation clearly states,
>> This patch has been tested and verified on the following systems:
>>
>> Solaris 2.5.1 (sparc)
>> Solaris 2.5 (x86)
>>
>> So I am not expecting too much as it does work on my test RedHat server just
>> not on the FreeBSD 3.2 server which happens to be the gateway I want to use
>> this on (:
>>
>> However looking through the source code I can see that under FreeBSD it
>> makes it through the create socket call, then the setsockopt call OK but
>> fails on the Bind seeming to not like the address.
>> I am not sure how to figure out if the problem is an access rights issue or
>> perhaps an address:port format issue.
>>
>> A point worth noting is that when configured to bind the port only, then
>> the bind is fine and in fact the proxy works as expected and when run in
>> daemon mode sets up a listener on *.port for all interfaces.
>>
>> I do have an IPFW rulebase loaded on the FreeBSD server which does not seem
>> to interfere as the plug-gw behaves fine as bind to port only.
>>
>> Looking through my 4.4BSD books I can see that the bind call is quite happy
>> to bind the address of 0/ and decide on the fly the correct interface and
>> this made me wonder if it wanted to bind to an interface address rather than
>> an IP address?
>>
>> I am starting the proxy with the following,
>> /usr/local/etc/plug-gw -daemon 192.168.30.3:80 -name plug-http
>>
>> Here are the syslog entries from both servers.
>> Hope they come through legible.
>>
>> redhat 6 linux 2.2.15-22 kernel.
>> Aug 23 18:26:17 xmailgate plug-gw[615]: Starting daemon mode on ip
>> 192.168.30.3(192.168.30.3), port 80
>> .
>> .
>> Aug 25 05:10:54 xmailgate plug-gw[1139]: HERE!!! av[0] = 80
>> Aug 25 05:10:54 xmailgate last message repeated 3 times
>> Aug 25 05:10:54 xmailgate plug-gw[1139]: YO!!! localip = 192.168.30.3
>> Aug 25 05:10:54 xmailgate plug-gw[1139]: connect
>> host=sdakx0.xx.xx/192.168.30.10 destination=10.0.30.4/8080
>>
>>
>> freebsd 3.2 kernel
>> Aug 24 06:13:19 sd172-lx52 plug-gw[1810]: Starting daemon mode on ip
>> 172.16.30.4
>> (172.16.30.4), port 81
>> Aug 24 06:13:19 sd172-lx52 plug-gw[1810]: Failed to bind port 81, Can't
>> assign requested address
>>
>> Any helpful comment would be appreciated.
>> Thanks,
>> Mike.
>>
>> Michael Williams
>> Software Dynamics
>> mailto:sdynamic@xtra.co.nz
>> http://www.voyager.co.nz/~michaelw
>> cell ph: 025 995 914
>> ph: +64 9 2744876
>>
>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
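
The sockaddr_in initialisation discussed in the message above, as an added example that is not part of the original post, fwtk or the IPBind patch: it parses a plug-gw style `ip:port` argument, zeroes the whole structure before filling it (setting `sin_len` where the platform has that field), and maps the bind errno so an access-rights failure can be told apart from an address failure. All function names are hypothetical.

```c
/* Added example; helper names are hypothetical, not from fwtk or the IPBind patch. */
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Parse "a.b.c.d:port" into a fully initialised *sa; 0 on success, -1 if malformed. */
int make_bind_addr(const char *spec, struct sockaddr_in *sa)
{
    char ip[INET_ADDRSTRLEN], *end;
    const char *colon = strrchr(spec, ':');
    long port;
    if (colon == NULL || (size_t)(colon - spec) >= sizeof(ip))
        return -1;
    memcpy(ip, spec, (size_t)(colon - spec));
    ip[colon - spec] = '\0';
    port = strtol(colon + 1, &end, 10);
    if (end == colon + 1 || *end != '\0' || port < 1 || port > 65535)
        return -1;
    memset(sa, 0, sizeof(*sa));          /* no stack garbage left in sin_zero */
#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) || defined(__APPLE__)
    sa->sin_len = sizeof(*sa);           /* 4.4BSD length byte (sa_len) */
#endif
    sa->sin_family = AF_INET;
    sa->sin_port = htons((unsigned short)port);
    return inet_pton(AF_INET, ip, &sa->sin_addr) == 1 ? 0 : -1;
}

/* Attempt the bind; returns 0 or the errno from socket()/bind(). */
int try_bind(const struct sockaddr_in *sa)
{
    int on = 1, err = 0, fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return errno;
    setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on));
    if (bind(fd, (const struct sockaddr *)sa, sizeof(*sa)) < 0)
        err = errno;
    close(fd);
    return err;
}

/* Separate the access-rights case from the address case. */
const char *bind_failure_kind(int err)
{
    return err == 0 ? "ok" : err == EACCES ? "access rights"
         : err == EADDRNOTAVAIL ? "address not configured locally" : "other";
}
```

The syslog text "Can't assign requested address" is the strerror() string for EADDRNOTAVAIL, so it falls in the address case rather than the access-rights case.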