From owner-freebsd-security Tue Jan 2 9:22:35 2001
From owner-freebsd-security@FreeBSD.ORG Tue Jan 2 09:22:31 2001
Return-Path:
Delivered-To: freebsd-security@freebsd.org
Received: from smtp.nettoll.com (matrix.nettoll.net [212.155.143.61])
    by hub.freebsd.org (Postfix) with ESMTP id 42B8837B400;
    Tue, 2 Jan 2001 09:22:30 -0800 (PST)
Received: by smtp.nettoll.com; Tue, 2 Jan 2001 18:18:41 +0100 (MET)
Message-Id: <4.3.0.20010102182437.02274f00@pop.free.fr>
X-Sender: usebsd@pop.free.fr
X-Mailer: QUALCOMM Windows Eudora Version 4.3
Date: Tue, 02 Jan 2001 18:27:33 +0100
To: Miklos Niedermayer , Attila Nagy
From: mouss
Subject: Re: IPSTEALTH - transparent router
Cc: romualdo@uninet.com.br, freebsd-security@freebsd.org, freebsd-net@freebsd.org
In-Reply-To: <20010102073023.D309@bsd.hu>
References: <3a50d8b7.3a6d.0@uninet.com.br>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

At 07:30 02/01/01 +0100, Miklos Niedermayer wrote:
>Hello,
>
>( > Attila Nagy)
>
> > > I have many routers with wavelan card working with FreeBSD and I am
> > > trying without successful use IPSTEALTH work I want when one machine
> > > make traceroute don't show my router and go a way
> > sysctl -w net.inet.ip.stealth=1
>
>...or you can live happy with IPFilter's fastroute feature, that does
>exactly what you want.

there are differences though.
- with the sysctl, stealth applies to all connections, but packets follow
  the "standard" stack
- with ipfilter, you can force selective "stealth", but you follow ipfilter
  forwarding functions. according to ipfilter docs, there are concerns. not
  a real problem, but one should know about.

cheers,
mouss
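
The difference described in the reply above, as a small model added here for illustration (not part of the original message and not FreeBSD or IPFilter code). It assumes stealth forwarding means passing a packet on without decrementing its TTL; the router names, the path and the per-protocol predicate standing in for a selective filter rule are all constructed.

```python
# Constructed model: which hops a traceroute lists when one router on the
# path forwards packets without touching the TTL ("stealth").

ALWAYS = lambda proto: True             # like a global switch: every packet
NEVER = lambda proto: False             # ordinary router
UDP_ONLY = lambda proto: proto == "udp" # like one selective rule (hypothetical)


def make_path(middle_policy):
    """Three routers in front of the target; only the middle one varies."""
    return [("gw1", NEVER), ("wavelan-rtr", middle_policy), ("gw2", NEVER)]


def traceroute(path, dst="host", proto="udp", max_ttl=8):
    """Return the sequence of responders a traceroute to dst would record."""
    hops = []
    for ttl in range(1, max_ttl + 1):
        remaining = ttl
        responder = dst                  # probe arrives unless a router expires it
        for name, is_stealth in path:
            if is_stealth(proto):
                continue                 # forwarded with TTL untouched: no reply
            remaining -= 1
            if remaining == 0:
                responder = name         # ICMP time exceeded from this router
                break
        hops.append(responder)
        if responder == dst:
            break
    return hops


if __name__ == "__main__":
    for label, policy in (("no stealth", NEVER),
                          ("stealth for all traffic", ALWAYS),
                          ("stealth for UDP only", UDP_ONLY)):
        for proto in ("udp", "icmp"):
            print(f"{label:24} {proto:5}", traceroute(make_path(policy), proto=proto))
```

With the selective policy the router disappears from UDP probes but still answers ICMP-based ones, so a rule that matches only some traffic hides the hop only from that traffic.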