From owner-freebsd-hackers  Sat Oct 30 10: 3:20 1999
Delivered-To: freebsd-hackers@freebsd.org
Received: from post.mail.nl.demon.net (post-10.mail.nl.demon.net [194.159.73.20])
	by hub.freebsd.org (Postfix) with ESMTP id 3C6D214FF7
	for <freebsd-hackers@freebsd.org>; Sat, 30 Oct 1999 10:03:10 -0700 (PDT)
	(envelope-from rene@canyon.demon.nl)
Received: from [212.238.15.212] (helo=canyon.demon.nl)
	by post.mail.nl.demon.net with esmtp (Exim 2.02 #1)
	id 11hbuG-000214-00
	for freebsd-hackers@freebsd.org; Sat, 30 Oct 1999 17:03:08 +0000
Received: (from rene@localhost)
	by canyon.demon.nl (8.9.3/8.9.3) id RAA01051
	for freebsd-hackers@freebsd.org; Sat, 30 Oct 1999 17:13:09 +0200 (CEST)
	(envelope-from rene)
From: Rene de Vries <rene@canyon.demon.nl>
Message-Id: <199910301513.RAA01051@canyon.demon.nl>
Subject: Natd+PKT_ALIAS_PUNCH_FW missing something?
To: FreeBSD hackers <freebsd-hackers@freebsd.org>
Date: Sat, 30 Oct 1999 17:13:09 +0200 (CEST)
X-Mailer: ELM [version 2.4ME+ PL61 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Hello,

Am I missing something? I modified natd.c so an extra option was available to
turn on punch firewall (see diff below). When I activated this option it did
not seem to work (ftp-data is still blocked by my firewall). When I add a
general allow line for any traffic from 20 to 1023- it (of course) works. But
the whole idea was to get rid of this line...

Rene

-- BEGIN --
*** natd.c.orig Sat Oct 30 17:01:40 1999
--- natd.c      Sat Oct 30 17:09:49 1999
***************
*** 852,857 ****
--- 852,858 ----
  enum Option {
  
        PacketAliasOption,
+       PunchFW,
        Verbose,
        InPort,
        OutPort,
***************
*** 955,960 ****
--- 956,969 ----
                "same_ports",
                "m" },
  
+       { PunchFW,
+               PKT_ALIAS_PUNCH_FW,
+               String,
+               "basenumber:count",
+               "punch holes in the firewall for incomming ftp data connections",
+               "punch_fw",
+               NULL },
+ 
        { Verbose,
                0,
                YesNo,
***************
*** 1168,1173 ****
--- 1177,1189 ----
  
                aliasValue = yesNoValue ? info->packetAliasOpt : 0;
                PacketAliasSetMode (aliasValue, info->packetAliasOpt);
+               break;
+ 
+       case PunchFW:
+               if (sscanf(strValue, "%u:%u", &basefw, &count) != 2) 
+                       errx(1, "%s needs basefw:count", info->name);
+               PacketAliasSetFWBase(basefw, count);
+               PacketAliasSetMode(PKT_ALIAS_PUNCH_FW, PKT_ALIAS_PUNCH_FW);
                break;
  
        case Verbose:

-- END --

-- 
Rene de Vries                    http://www.tcja.nl/~rene; mailto:rene@tcja.nl


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message