From owner-freebsd-security  Sun Aug 19 16:44:41 2001
Delivered-To: freebsd-security@freebsd.org
Received: from xs4nobody.nl (xs4nobody.nl [62.58.36.22])
	by hub.freebsd.org (Postfix) with SMTP id 5DE5637B408
	for <freebsd-security@freebsd.org>; Sun, 19 Aug 2001 16:44:36 -0700 (PDT)
	(envelope-from bart@xs4nobody.nl)
Received: (qmail 80524 invoked by uid 1000); 19 Aug 2001 23:44:31 -0000
Date: Mon, 20 Aug 2001 01:44:31 +0200
From: Bart Matthaei <bart@xs4nobody.nl>
To: freebsd-security@freebsd.org
Subject: Re: getting DCC fully functioning with ipnat/ipf
Message-ID: <20010820014431.A80515@heresy.xs4nobody.nl>
Reply-To: Bart Matthaei <bart@xs4nobody.nl>
References: <F140318XjHDCHBDOVhs00011ad5@hotmail.com> <20010820004115.B80382@heresy.xs4nobody.nl> <3B8048CD.DCCF51A4@oksala.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
User-Agent: Mutt/1.2.5i
In-Reply-To: <3B8048CD.DCCF51A4@oksala.org>; from silence@oksala.org on Sun, Aug 19, 2001 at 07:16:29PM -0400
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

That doesnt apply.. dcc uses random ports.. so he'll have to come up with a -use_sockets -same_ports kind of solution for ipnat.. dunno how that works :) (i always though ipnat sucked grately)

gr,

bart

On Sun, Aug 19, 2001 at 07:16:29PM -0400, Pierre-Luc Lespérance wrote:
> Bart Matthaei wrote:
> > 
> > Pass the arguments -same_ports -use_sockets to natd
> 
> 
> He is using ipf/ipnat so it's not a good idea tu run natd
> 
> You sould use the "rdr" rules in /etc/ipnat.rules : it looks
> 
> rdr xl0 your_ip_address/32 port 1234 -> subnet_ip_address port 1234
> 
> *This is an example. Actually I don't which port irc client use 
> so you gonna have to change "1234" for the real port 
> 
> It could be a good idea to read the IPFilter HOWTO 
> http://coombs.anu.edu.au/~avalon/ip-filter.html
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

-- 
Bart Matthaei           |       bart@xs4nobody.nl
                        |          +31 6 24907042
Cysonet Managed Hosting |        bart@cysonet.com
-------------------------------------------------
/* It's always funny until someone gets hurt..
 * (and then it's just hilarious)              */

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message