From: Terry Glanfield
To: mm@i.cz, freebsd-security@freebsd.org
Subject: Re: IPFilter?
Date: 15 Apr 1999 20:38:28 +0100

Hi Martin,

mm@i.cz (Martin Machacek) writes:
> I've also had troubles using transparent proxying with IPFilter 3.2.10 and FWTK
> v 2 (with appropriate patches) on FreeBSD 2.2.8. In every case the ioctl on
> /dev/ipl trying to read the original target address failed.

Check your fwtk/lib/hnam.c. It may be out of date - mine was. The
relevant code snippet is appended below.

> The built-in FTP proxy didn't work either except
> for passive mode transfers (that was actually the reason why I was experimenting
> with ftp-gw from FWTK).

Why would you want anything *but* passive transfers?

Regards,
Terry.

#if defined(__FreeBSD__)
	/* The basis for this block of code is Darren Reed's
	   patches to the TIS fwtk's ftp-gw.
	*/
	bzero((char*)&sin,sizeof(sin));
	bzero((char*)&rsin,sizeof(rsin));

	/* Local end of the redirected connection (address the client hit). */
	sl=sizeof(sin);
	if(getsockname(fd,(struct sockaddr*)&sin,&sl)<0) {
		return NULL;
	}

	/* Remote end of the connection (the client itself). */
	sl=sizeof(rsin);
	if(getpeername(fd,(struct sockaddr*)&rsin,&sl)<0) {
		return NULL;
	}

	/* Build the lookup key; ports and addresses stay in network byte order. */
	natlookup.nl_inport=sin.sin_port;
	natlookup.nl_outport=rsin.sin_port;
	natlookup.nl_inip=sin.sin_addr;
	natlookup.nl_outip=rsin.sin_addr;
	natlookup.nl_flags = IPN_TCP;

	/* The NAT table is queried through /dev/ipnat, not /dev/ipl. */
	if((natfd=open("/dev/ipnat",O_RDONLY))<0) {
		return(NULL);
	}
	if(ioctl(natfd,SIOCGNATL,&natlookup)==(-1)) {
		close(natfd);	/* do not leak the descriptor on failure */
		return(NULL);
	}
	close(natfd);

	/* Hand back the original (pre-redirect) destination port and address. */
	if(ptr)
		*ptr=ntohs(natlookup.nl_realport);
	sprintf(buf,"%s",inet_ntoa(natlookup.nl_realip));
	return (buf);
#endif