Date: Sun, 4 Mar 2001 01:23:38 -0500 From: Barney Wolff <barney@pit.databus.com> To: Don Lewis <Don.Lewis@tsc.tdk.com> Cc: Chris Johnson <cjohnson@palomine.net>, stable@FreeBSD.ORG Subject: Re: Did ipfw fwd just break? Message-ID: <20010304012338.A52971@pit.databus.com> In-Reply-To: <200103040230.SAA25152@salsa.gv.tsc.tdk.com>; from Don.Lewis@tsc.tdk.com on Sat, Mar 03, 2001 at 06:30:18PM -0800 References: <20010303203733.A49750@palomine.net> <200103040211.SAA24825@salsa.gv.tsc.tdk.com> <20010303211958.A50525@palomine.net> <200103040230.SAA25152@salsa.gv.tsc.tdk.com>
next in thread | previous in thread | raw e-mail | index | archive | help
I question whether this complexity is necessary. The effect of the tranparent proxying could just as well have been achieved by translating to an alias address that is assigned to the interface, rather than to localhost, right? Simpler is better, in the kernel. Barney Wolff On Sat, Mar 03, 2001 at 06:30:18PM -0800, Don Lewis wrote: > On Mar 3, 9:19pm, Chris Johnson wrote: > } Subject: Re: Did ipfw fwd just break? > } > } Now, is it possible to protect myself from whatever evil check_interface is > } supposed to protect me from, while still doing my transparent proxying? Or = > } do I > } have to choose one or the other? > > Try this patch. You might still have to disable check_interface if > your host is multi-homed and net.inet.ip.forwarding is 0, but even > so, you should be better protected than with the older code. > > Your bug report pointed out problem in the code, which I believe > I have corrected in this patch. You can be the first to try it ;-) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010304012338.A52971>