Hi,
I read them. But I think that the final solution cannot be
'well we will have a hole like this always since it cannot be fixed'.
I wasn't saying that I want a network interface device like 'tun',
I just wanted something similar that could be used with
ipfw to more accurately specify filters.
Hello,
On Mon, 18 Dec 2000, Wes Peters wrote:
> I need a tiny DNS server I can hack up. When our router/firewall/gateway is
> in "first birthday" mode, it doesn't yet have a connection to the internet.
> We'd like to run a DNS server on the box that resolves ALL DNS A requests
> from the inter
I need a tiny DNS server I can hack up. When our router/firewall/gateway is
in "first birthday" mode, it doesn't yet have a connection to the internet.
We'd like to run a DNS server on the box that resolves ALL DNS A requests
from the internal LAN to the internal address of our box until we have
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-net" in the body of the message
On Sun, Dec 17, 2000 at 08:04:25PM +0100, Jesper Skriver wrote:
> The only thing I can see, we can do to improve the security of this,
> would be to match against the TCP sequence number too, I have a patch for
> this too, but I need to test it, will be back.
Attached is a diff which implement th
On Sun, Dec 17, 2000 at 10:08:52PM +0100, Jesper Skriver wrote:
> >(2) These same messages are not handled for connections not in
> >SYN-SENT: they ought to be
>
> Well, yes, but the real problem is when sessions are set up, the reason I
> only configured it to affect sessions in SYN-S
On Sun, 17 Dec 2000, Jesper Skriver wrote:
> - ip source and destination addresses
> - tcp source and destination ports
> - tcp sequence number
>
> Can we make it zap the sessions regardless of the current state ?
>
> And perhaps enable it by default ?
I admit that I had assumed, from the comm
On Sun, Dec 17, 2000 at 10:26:13AM -0600, Jacques A. Vidrine wrote:
> [Moved to freebsd-net]
>
> On Sun, Dec 17, 2000 at 09:59:14AM -0600, Jacques A. Vidrine wrote:
> > On Sun, Dec 17, 2000 at 10:24:12AM +0100, Poul-Henning Kamp wrote:
> > > In message <[EMAIL PROTECTED]>, Kris Kennaway writes:
>
Michael Bretterklieber wrote:
> 3. Add new options:
>
> /sys/conf/options
>
> NETGRAPH_MPPC_COMPRESSION opt_netgraph.h
> NETGRAPH_MPPC_ENCRYPTION opt_netgraph.h
or add the directories in /sys/modules and make them as modules.
Hi,
Here is a Howto for MPPE on FreeBSD 3.5.1:
1. Get these files from 4.1.
sys/netgraph/ng_mppc.c
sys/netgraph/ng_mppc.h
sys/modules/netgraph/mppc/*
copy ng_mppc.h to /usr/include/netgraph
2. get new crypto-sources from 4.1
cvs co -rRELENG_4_1_0_RELEASE src/sys/crypto
change #ifd
On Sun, Dec 17, 2000 at 10:26:13AM -0600, Jacques A. Vidrine wrote:
> > ICMP packets include the headers of the packets that `triggered' them,
> > so we do have a sequence number.
> >
> > I think the correct thing to do is to pull the source address,
> > destination address, source port, destina
[Moved to freebsd-net]
On Sun, Dec 17, 2000 at 09:59:14AM -0600, Jacques A. Vidrine wrote:
> On Sun, Dec 17, 2000 at 10:24:12AM +0100, Poul-Henning Kamp wrote:
> > In message <[EMAIL PROTECTED]>, Kris Kennaway writes:
> > >This sounds like a security hole since ICMP messages don't have a TCP
> >
Hi,
> The following problem: I have a DSL-Connection to the internet, and a
> few clients behind the BSD-Box (see picture). I can do connections to the
> internet, nearly everything works. But I DO have 2 systems (which I
> desperately need), which do NOT fragment the packets. When using a Linux
> R
Nils Bokermann wrote:
>
> Hi!
>
> The following problem: I have a DSL-Connection to the internet, and a
> few clients behind the BSD-Box (see picture). I can do connections to the
> internet, nearly everything works. But I DO have 2 systems (which I
> desperately need), which do NOT fragment the p
Hi!
The following problem: I have a DSL-Connection to the internet, and a
few clients behind the BSD-Box (see picture). I can do connections to the
internet, nearly everything works. But I DO have 2 systems (which I
desperately need), which do NOT fragment the packets. When using a Linux
Router (do