Date: 15 Apr 1999 20:38:28 +0100
From: Terry Glanfield <terry@program-products.co.uk>
To: mm@i.cz, freebsd-security@freebsd.org
Subject: Re: IPFilter?
Message-ID: <eg161llmz.fsf@program-products.co.uk>
In-Reply-To: mm@i.cz's message of "15 Apr 99 08:08:15 GMT"
References: <Pine.BSF.4.10.9904142145080.23986-100000@madeline.boneyard.lawrence.ks.us> <XFMail.990415100815.mm@i.cz>

Hi Martin,

mm@i.cz (Martin Machacek) writes:

> I've also had troubles using transparent proxying with IPFilter 3.2.10 and FWTK
> v 2 (with appropriate patches) on FreeBSD 2.2.8. In every case the ioctl on
> /dev/ipl trying to read the original target address failed.

Check your fwtk/lib/hnam.c. It may be out of date - mine was. The
relevant code snippet is appended below.

> The built-in FTP proxy didn't work either except
> for passive mode transfers (that was actually the reason why I was experimenting
> with ftp-gw from FWTK).

Why would you want anything *but* passive transfers?

Regards,
Terry.

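#if defined(__FreeBSD__)
	/* The basis for this block of code is Darren Reed's
	   patches to the TIS fwtk's ftp-gw.
	*/
	bzero((char*)&sin,sizeof(sin));
	bzero((char*)&rsin,sizeof(rsin));
	/* Local address of the connected socket. */
	sl=sizeof(sin);
	if(getsockname(fd,(struct sockaddr*)&sin,&sl)<0) {
		return NULL;
	}
	/* Peer address of the connected socket. */
	sl=sizeof(rsin);
	if(getpeername(fd,(struct sockaddr*)&rsin,&sl)<0) {
		return NULL;
	}
	/* Build the NAT lookup key from both endpoints of the TCP connection. */
	natlookup.nl_inport=sin.sin_port;
	natlookup.nl_outport=rsin.sin_port;
	natlookup.nl_inip=sin.sin_addr;
	natlookup.nl_outip=rsin.sin_addr;
	natlookup.nl_flags = IPN_TCP;
	/* The lookup goes to /dev/ipnat. */
	if((natfd=open("/dev/ipnat",O_RDONLY))<0) {
		return(NULL);
	}
	/* Ask IPFilter for the original target address of this connection. */
	if(ioctl(natfd,SIOCGNATL,&natlookup)==(-1)) {
		close(natfd);	/* do not leak the descriptor on failure */
		return(NULL);
	}
	close(natfd);
	/* Hand back the original port (host byte order) and dotted-quad address. */
	if(ptr) *ptr=ntohs(natlookup.nl_realport);
	sprintf(buf,"%s",inet_ntoa(natlookup.nl_realip));
	return (buf);
#endif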
