Date:      Thu, 29 Sep 2016 15:24:11 +0200
From:      "O. Hartmann" <ohartman@zedat.fu-berlin.de>
To:        Daniel Kalchev <daniel@digsys.bg>
Cc:        FreeBSD CURRENT <freebsd-current@freebsd.org>, freebsd-security@freebsd.org
Subject:   Re: IPFW on CURRENT: NAT forwarding exposes internal IP!
Message-ID:  <20160929152411.7a9c3f4f.ohartman@zedat.fu-berlin.de>
In-Reply-To: <6C0203C4-F332-42B1-AF62-18723E63E112@digsys.bg>
References:  <20160929144755.2e4f7800.ohartman@zedat.fu-berlin.de> <6C0203C4-F332-42B1-AF62-18723E63E112@digsys.bg>

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20160929152411.7a9c3f4f.ohartman>