MPD Just Stopped Working?

2010-05-16 Thread Crist J. Clark
e Closed --> Initial May 16 14:48:29 net5501 mpd: [L-1] Link: SHUTDOWN event May 16 14:48:29 net5501 mpd: [L-1] Link: Shutdown -- Crist J. Clark | cjcl...@alum.mit.edu ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"

Re: Text for IPv6 Scope

2008-01-05 Thread Crist J. Clark
; The replacement does not yet exist. > On Jan 5, 2008, at 3:52 AM, Michael Tuexen wrote: > > >Dear all, > > > >aren't site-local IPv6 addresses deprecated (RFC 3879)? So shouldn't > >the site-local stuff be removed? > > > >Best regards > &g

Text for IPv6 Scope

2008-01-04 Thread Crist J. Clark
ADDR_SCOPE_NODELOCAL0x01 #define __IPV6_ADDR_SCOPE_INTFACELOCAL 0x01 #define __IPV6_ADDR_SCOPE_LINKLOCAL0x02 +#define __IPV6_ADDR_SCOPE_ADMINLOCAL 0x04 #define __IPV6_ADDR_SCOPE_SITELOCAL0x05 #define __IPV6_ADDR_SCOPE_ORGLOCAL 0x08/* just used in this file */ #define __IPV6_ADDR_SCOPE_GLOBAL

Re: PF or "traceroute -e -P TCP" bug?

2006-08-21 Thread Crist J. Clark
). The patch to freebsd-net addresses these problems. It changes the source port so that we don't have overlapping src-sport-dst-dport-tuples, and uses a base source port from the LSBs of the clock for a "random" number. That would seem to fix the problem. The only question would be is that a good way to pick the base source port? It's probably good enough, although some kind of hash of the PID might be better. -- Crist J. Clark | [EMAIL PROTECTED]

Best Firmware for wi(4)? (Re: wi(4) Problems with FreeBSD AP to WinXP)

2006-03-09 Thread Crist J. Clark
s Controller' class= network Running on a 4.11-RELEASE-p13 system? I am aware of the CAVEAT section of wi(4), but the info in there is about three years old. (While we're at it, how about the best revision for a Netgear MA401RA on RELENG_5?) On Mon, Mar 06, 2006 at 06:20:27PM

wi(4) Problems with FreeBSD AP to WinXP

2006-03-06 Thread Crist J. Clark
aces or networks (both RFC1918 ranges) differently. Anyone have suggestions there too? Oh yeah. What happens when I turn WEP off? The ThinkPad problem goes away, but the Compaq problem stays. -- Crist J. Clark | [EMAIL PROTECTED] ___ free

Fixed Dest Port for traceroute(8)

2005-09-23 Thread Crist J. Clark
_flags = TH_SYN; @@ -1335,7 +1341,8 @@ struct tcphdr *const tcp = (struct tcphdr *) data; return (ntohs(tcp->th_sport) == ident - && ntohs(tcp->th_dport) == port + seq); + && ntohs(tcp->th_dport) == port + (fixedPort ? 0 : seq)) +
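Review bot: In the reply-matching test of the `@@ -1335,7 +1341,8 @@` hunk, once `fixedPort` is set the destination-port term is `port` for every probe, so the only thing still tying a reply to this run is `ntohs(tcp->th_sport) == ident`. Unless `ident` is varied per probe elsewhere in the patch, a late reply to an earlier probe will be accepted as the answer to the current one. Consider carrying `seq` in the source port when `fixedPort` is set and matching on it here, or note in the option's documentation that replies cannot be attributed to individual probes in fixed-port mode.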

Re: PPP-layer Echo

2005-04-27 Thread Crist J. Clark
On Thu, Apr 28, 2005 at 08:38:01AM +1000, Neo-Vortex wrote: > > > On Wed, 27 Apr 2005, Crist J. Clark wrote: > > > All I want to do is send an echo-request and listen for the > > echo-reply at the PPP layer. Note that I am talking about > > pings _at the link layer

PPP-layer Echo

2005-04-27 Thread Crist J. Clark
(4) node for this unless its really simple)? (BTW, support for PPP-layer echoes seems to be required by RFC1661. Anyone know to what extent real-world PPP implementations really handle them correctly?) -- Crist J. Clark | [EMAIL PROTECTED]

dhclient Not Finding Interfaces

2005-02-09 Thread Crist J. Clark
have any suggestions or things to look for? -- Crist J. Clark | [EMAIL PROTECTED]

NAT-T Implementation

2005-02-01 Thread Crist J. Clark
(that is not a totally idle threat either), are we going to see in-kernel support for that anytime soon? Or is this code out there and I just haven't seen it? -- Crist J. Clark | [EMAIL PROTECTED]

Re: racoon behaviour when SA expires

2005-02-01 Thread Crist J. Clark
eate policy" on the fly. What happens is that when the SA gets stale, but before it expires, racoon(8) creates a new SA. But since there is an existing entry in the SPD, a new one cannot be made. When the old SA times out, its accompanying SPD entry is killed, le

nsupdate(8) rc.d Script

2004-09-24 Thread Crist J. Clark
hould work fine in CURRENT. Suggestions, comments, or criticisms, public or private, are welcome. -- Crist J. Clark | [EMAIL PROTECTED] | [EMAIL PROTECTED] http://people.freebsd.org/~cjc/| [EMAIL PR

Re: IPSec troubles

2004-03-30 Thread Crist J. Clark
On Tue, Mar 30, 2004 at 11:22:08AM +, Bjoern A. Zeeb wrote: > On Mon, 29 Mar 2004, Crist J. Clark wrote: > > > > I have troubles setting up an IPSec Host-to-Host connection between > > > FreeBSD 5.2.1 and MacOS X 10.3.3: > > > > Last I knew, 5.2.1 still

Re: IPSec troubles

2004-03-29 Thread Crist J. Clark
the 'outbound packets with no SA available' count is increasing. The workaround was to not use IPSEC in the kernel, but FAST_IPSEC. -- Crist J. Clark | [EMAIL PROTECTED] | [EMAIL PROTECTED] http://people.f

Re: BIND: Lookup of CNAME records

2004-03-28 Thread Crist J. Clark
On Wed, Mar 24, 2004 at 10:59:11PM +0100, Lutz Petersen wrote: > Crist J. Clark wrote: > >How long does it take to do a reverse-lookup on the result of the > >previous lookups? The applications may be trying to resolve a PTR > >record for the final IP address they end up with.

Re: BIND: Lookup of CNAME records

2004-03-19 Thread Crist J. Clark
ry your ftp or telnet. 2) Put 127.0.0.1 back into resolv.conf, clear the cache of the local BIND (not sure of a way to do that other than killing and restarting in 8.x.x), and run the same thing, # tcpdump -s512 port 53 And ag

Re: Problem with closing tcp session between cisco and freebsd

2004-03-16 Thread Crist J. Clark
On Wed, Mar 17, 2004 at 10:14:53AM +0300, Zherdev Anatoly wrote: > On Tue, 16 Mar 2004 16:06:11 -0800 > "Crist J. Clark" <[EMAIL PROTECTED]> wrote: > > > [Skip...] > ^ > > The zero wi

Re: Problem with closing tcp session between cisco and freebsd

2004-03-16 Thread Crist J. Clark
s me the TCP buffer on the FreeBSD side is full. The Cisco is trying to send that last byte of data and the FIN, but the FreeBSD side cannot accept it since the buffer is full. This usually means the application on the FreeBSD side is not reading the data out of the socket. What's the &#

Re: ip_input - chksum - why is it done so early in ip_input?

2004-01-18 Thread Crist J. Clark
ksum verification. Keeping a single host from polluting the whole network, and only its LAN, with bad packets is considered worth the cost of every router doing the check. FWIW, this is one of the few places a standard demands that you not even provide the option to disable

Re: serial ppp

2003-12-09 Thread Crist J. Clark
t me some? How about the ppp(8) manpage? -- Crist J. Clark | [EMAIL PROTECTED] | [EMAIL PROTECTED] http://people.freebsd.org/~cjc/| [EMAIL PROTECTED]

Racoon(8) Deleting SPD Entries

2003-11-30 Thread Crist J. Clark
responder... I cannot figure out what may have changed to cause this problem. -- Crist J. Clark | [EMAIL PROTECTED] | [EMAIL PROTECTED] http://people.freebsd.org/~cjc/| [EMAIL PROTECTED]

Re: dhcp on one of 2 nics

2003-11-29 Thread Crist J. Clark
and dhcp on card > 2? This is easier. Just a, ifconfig_ep1="DHCP" In rc.conf(5) should be all you need. -- Crist J. Clark | [EMAIL PROTECTED] | [EMAIL PROTECTED] http://people.freebsd.org/~cjc/| [EMAIL PROTECTED]

Re: netgraph(3) NGM_KSOCKET_BIND

2003-11-19 Thread Crist J. Clark
On Wed, Nov 19, 2003 at 01:14:21PM -0800, John Polstra wrote: > On 19-Nov-2003 Crist J. Clark wrote: > > OK, an easy one. I am trying to do some netgraph(3) coding in > > userland. From how I read the documentation, this should work. Before > > I go learn all of the netr

netgraph(3) NGM_KSOCKET_BIND

2003-11-19 Thread Crist J. Clark
&laddr, sizeof laddr) == -1) err(errno, "failed to bind ksocket"); return 0; } -- Crist J. Clark | [EMAIL PROTECTED] | [EMAIL PROTECTED] http://people.freebsd.org/~cjc/| [EMAIL PROT

Re: IPSec VPN & NATD (problem with alias_address vs redirect_address)

2003-11-18 Thread Crist J. Clark
On Sun, Nov 16, 2003 at 08:11:36PM +0100, Helge Oldach wrote: > Crist J. Clark: > >On Sat, Nov 15, 2003 at 07:54:40AM +0100, Oldach, Helge wrote: > >> From: Crist J. Clark [mailto:[EMAIL PROTECTED] > >> > Two different ESP end points behind many-to-one NAT connec

Re: IPSec VPN & NATD (problem with alias_address vs redirect_address)

2003-11-15 Thread Crist J. Clark
On Sat, Nov 15, 2003 at 07:54:40AM +0100, Oldach, Helge wrote: > From: Crist J. Clark [mailto:[EMAIL PROTECTED] > > On Fri, Nov 14, 2003 at 06:22:55PM +0100, Helge Oldach wrote: > > > Nothing that works well and has noticeable exposure is useless. This > > > definitely

Re: IPSec VPN & NATD (problem with alias_address vs redirect_address)

2003-11-14 Thread Crist J. Clark
On Fri, Nov 14, 2003 at 06:22:55PM +0100, Helge Oldach wrote: > Crist J. Clark: [snip] > >> This is actually implemented in most modern VPN > >> devices. They do NAT translation according to SPI. The alternative is to > >> encapsulate IPSec traffic in UDP (using p

Re: IPSec VPN & NATD (problem with alias_address vs redirect_address)

2003-11-14 Thread Crist J. Clark
On Fri, Nov 14, 2003 at 10:22:06AM +0100, Helge Oldach wrote: > Crist J. Clark: > >On Thu, Nov 13, 2003 at 12:46:24PM -0500, Vincent Goupil wrote: > >> I setup a firewall with ipfw2 and natd on freebsd 4.9 release. > >> > >> I have mapped my subnet with alias_

Re: netgraph(4) divert(4) to UDP Tunnel

2003-11-14 Thread Crist J. Clark
On Fri, Nov 14, 2003 at 10:35:53AM +0200, Ruslan Ermilov wrote: > On Thu, Nov 13, 2003 at 12:24:35PM -0800, Crist J. Clark wrote: > > I'm trying to play around with netgraph(4) for the first time and > > there seem to be some aspects of it that haven't "cl

Re: IPSec VPN & NATD (problem with alias_address vs redirect_address)

2003-11-13 Thread Crist J. Clark
ly use to map the traffic between multiple machines behind NAT to a single VPN end point on the other side, but there is no practical way for the NAT box to learn the SPI of incoming packets. -- Crist J. Clark | [EMAIL PROTECTED] | [EM

netgraph(4) divert(4) to UDP Tunnel

2003-11-13 Thread Crist J. Clark
ly, I think my conceptual problem is with the fact that you start with the ngctl(8) node in the middle of everything. How do I create my new nodes and get the ngctl(8) node out of the middle? -- Crist J. Clark | [EMAIL PROTECTED]

Re: (long) Re: Using racoon-negotiated IPSec with ipfw and natd

2003-10-31 Thread Crist J. Clark
On Fri, Oct 31, 2003 at 09:45:25AM -0600, Mark Johnston wrote: > "Crist J. Clark" <[EMAIL PROTECTED]> wrote: > > On Thu, Oct 30, 2003 at 03:05:09PM -0600, Mark Johnston wrote: > > > - gateway receives an ESP packet from mobile (encapsulating a ping). > > &g

Re: IPSEC in tunnel mode ( possible? )

2003-10-30 Thread Crist J. Clark
w managed to figure this out, M$. >Any one could point me to some url or send me keywords I should look > for please? If things won't work with ipsec I'll do it with MPD... but > I still should have ask it here. FWIW, I ended up using mpd for Windows machines this exact sa

Re: Using racoon-negotiated IPSec with ipfw and natd

2003-10-30 Thread Crist J. Clark
that what you actually have? Are you doing NAT on the internal interface? That would confuse things. > deny ip from any to 192.168.0.0/24 > pass ip from me to any keep-state > > All I'm missing is the known-sp definitions. If anyone has any pointers on > doing this,

Re: IPFW rules being weird?

2003-10-24 Thread Crist J. Clark
add allow tcp from any to me 80 setup > $fwcmd add allow tcp from any to me 21 setup > $fwcmd add allow tcp from any to me 22 setup > > # This sends a RESET to all ident packets. > $fwcmd add reset log tcp from any to me 113 in recv any > > # Enable ICM

Re: Merging Non-Back-Compatible setkey(8)

2003-05-29 Thread Crist J. Clark
On Thu, May 29, 2003 at 01:38:49PM +0900, JINMEI Tatuya wrote: > >>>>> On Wed, 28 May 2003 14:48:22 -0700, > >>>>> "Crist J. Clark" <[EMAIL PROTECTED]> said: > > > I sent a PR into the KAME guys a few weeks bac

Re: ipfw rules vs routes to localhost?

2003-05-29 Thread Crist J. Clark
On Wed, May 28, 2003 at 05:40:46PM -0400, Barney Wolff wrote: > On Wed, May 28, 2003 at 02:03:59PM -0700, Crist J. Clark wrote: > > On Wed, May 28, 2003 at 12:51:54AM -0400, Paul Chvostek wrote: > > > > > > I'm considering: > > > > > > ipfw

Merging Non-Back-Compatible setkey(8)

2003-05-29 Thread Crist J. Clark
as-is. So, my reason for writing is, is anyone aware of wide-spread use of the NULL encryption algorithm in configuration file that will get broken by such a change? -- Crist J. Clark | [EMAIL PROTECTED]

Re: ipfw rules vs routes to localhost?

2003-05-29 Thread Crist J. Clark
ht tool for firewalling, ipfw(8). Are you short on resources in the first place? If you are really pushing this machine's routing capabilities to its max, you might be in need of an OS and hardware designed solely for routing. Tinkering with ipfw(8) versus blackhole routes prob

Re: Source ip route lookup on incoming packets?

2003-03-12 Thread Crist J. Clark
"Anti-Spoofing Option" on the freebsd-ipfw list. Coming soon to a FreeBSD repository near you. -- Crist J. Clark | [EMAIL PROTECTED] | [EMAIL PROTECTED] http://people.freebsd.org/~cjc/| [EMAIL PROTECTED]

Re: Weird ipnat behaviour

2003-03-12 Thread Crist J. Clark
problems if the in-kernel firewall code and the userland interface to it get out of sync. -- Crist J. Clark | [EMAIL PROTECTED] | [EMAIL PROTECTED] http://people.freebsd.org/~cjc/| [EMAIL PROTECTED]

Re: Why natd don't divert packets?

2003-03-09 Thread Crist J. Clark
180 divert tcp from any to any dst-port 7 > 0002 00 divert tcp from any 7 to any > *screenshot*** Are you sure 172.16.253 is responding? # ipfw add divert tcp from any to any 7 # ipfw add count tcp from any 7 to any # ipfw add divert

Re: Question about IPsec and double ipfilter processing

2003-01-21 Thread Crist J. Clark
On Tue, Jan 21, 2003 at 03:16:28PM +0200, Pekka Nikander wrote: > Crist, > > Crist J. Clark wrote: > >I don't see this. I have one rule on my external interface, > > > > block in log quick on de0 all head 2000 > >... > >

Re: Question about IPsec and double ipfilter processing

2003-01-21 Thread Crist J. Clark
On Tue, Jan 21, 2003 at 08:50:03AM -0700, Mike Durian wrote: > On Monday 20 January 2003 11:34 pm, Crist J. Clark wrote: > > > > I don't see this. I have one rule on my external interface, > > > > block in log quick on de0 all head 2

Re: Question about IPsec and double ipfilter processing

2003-01-20 Thread Crist J. Clark
ring of traffic from the outside world happens on the external interface, pass out quick on fxp0 all -- Crist J. Clark | [EMAIL PROTECTED] | [EMAIL PROTECTED] http://people.freebsd.org/~cjc/| [EMAIL PROTECTED]

Re: How to use proxy ARP for tun device?

2003-01-20 Thread Crist J. Clark
all class C or smaller subnets routed via the tun interface. Proxy arp entries are only made for sticky routes that are added using the ``add'' command. No proxy arp entries are made for the interface address its

ftpd.c DoS Fix

2003-01-20 Thread Crist J. Clark
(NULL); } reply(150, "Opening %s mode data connection for '%s'%s.", -- Crist J. Clark | [EMAIL PROTECTED] | [EMAIL PROTECTED] http://people.freebsd.org/~cjc/| [EMAIL PROTECTED] Index: ftpd.c ==

Re: Cjc's Ipfilter/Bridge patch

2002-12-05 Thread Crist J. Clark
'm wrong. No, it's not there. I've just been way too busy with my day-job to do much FreeBSD work for the last few months. But I'll try to add this code today. -- Crist J. Clark | [EMAIL PROTECTED] | [EMAIL PROTECTE

Re: IPSEC/NAT issues

2002-10-18 Thread Crist J. Clark
e ripping the IPsec processing apart, something > to eliminate this catch-22 would be nice (: (spd entries pointing to an > unconfigured or dummy tunnel, for example) What's the problem with just having the script that builds the SPD discover the IP address on its own? -- Crist J. Clark

Strange FTP TCP Window Problem

2002-10-18 Thread Crist J. Clark
Q and ACK numbers look good to me. I should note that this isn't just an issue with the FreeBSD ftp client. I get the same result with Windows, Solaris, Cygwin, and OpenBSD too. Why is it happening and how do I get around this? -- Crist J. Clark | [EMAIL PROTECTED]

Re: Routed Log

2002-09-25 Thread Crist J. Clark
, if we RTFM, no_rdisc disables the Internet Router Discovery Protocol. Do you maybe just want to turn this off? Another question might be, if you don't know what all of this stuff is, do you really need to be running routed(8) at all? -- Crist J. Clark

Re: Routed Log

2002-09-24 Thread Crist J. Clark
nt I was going to make is that those blocked packets are not 520/udp, but rather ICMP. -- Crist J. Clark | [EMAIL PROTECTED] | [EMAIL PROTECTED] http://people.freebsd.org/~cjc/| [EMAIL PROTECTED]

Re: Routed Log

2002-09-24 Thread Crist J. Clark
.1): Permission > denied > > My routed ipfw rules are: > 00010 allow udp from any 520 to any > 00011 allow udp from any to any 520 > > Could anybody help me? Are those all of your rules? Particularly any rules before those? -- Crist J. Clark

Re: Desired feature: ipfw pass for routed IPs

2002-09-19 Thread Crist J. Clark
quite sure I understand why it would be needed. If there isn't a route to send a packet out of an interface, it won't go out of the interface. Under what conditions would you see yourself blocking packets? Is this really an ackbassward way to filter routes from routing daemons? -- Crist J. Clark

Re: Masquerade fails to suppress X-sender

2002-07-12 Thread Crist J. Clark
ling me (or spamming!) there either ). > > So I'd like to kill off that number from appearing, any idea how to do it ? The '-f' option of sendmail(8) would do this. See also the "trusted user" options for your sendmail.mc. I am not aware of a way to set u

Re: IP_MULTICAST_LOOP

2002-06-06 Thread Crist J. Clark
just defaulting to loopback when no options are present. The "and" part of the conditional was on the previous line. Here's the whole conditional, if (inm != NULL && (imo == NULL || imo->imo_multicast_loop)) { -- Crist J. Clark

Re: "dynamic" ipfw

2002-05-22 Thread Crist J. Clark
On Thu, May 23, 2002 at 02:51:16AM +0200, John Angelmo wrote: > On Wed, 22 May 2002 17:28:37 -0700 > "Crist J. Clark" <[EMAIL PROTECTED]> wrote: > > > On Mon, May 20, 2002 at 07:39:36PM +0200, John Angelmo wrote: > > > Hello > > > > > &g

Re: Question about Dummynet and Diffserv

2002-05-22 Thread Crist J. Clark
@ and freebsd-ipfw@. I think I may have some somewhere. -- Crist J. Clark | [EMAIL PROTECTED] | [EMAIL PROTECTED] http://people.freebsd.org/~cjc/| [EMAIL PROTECTED] To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-net" in the body of the message

Re: "dynamic" ipfw

2002-05-22 Thread Crist J. Clark
There really is no way to deal with this within ipfw(8) itself. Rules for hostnames whose IP address changes is not a problem that can really be efficiently solved in a general way. -- Crist J. Clark | [EMAIL PROTECTED] | [EMAIL PROTECT

Re: HEADS UP: ALTQ integration developer preview

2002-05-19 Thread Crist J. Clark
information. -- Crist J. Clark | [EMAIL PROTECTED] | [EMAIL PROTECTED] http://people.freebsd.org/~cjc/| [EMAIL PROTECTED]

Re: Enabling Directed Broadcasts

2002-05-19 Thread Crist J. Clark
acket. I read that FreeBSD is not supporting directed broadcasts > since 2.2.5. Is there any parameter for changing this behaviour? Looks like it was gutted earlier than that. The code was completely removed. You would have to go back and add it or come up with some other hac

Re: Junior network hacker tasks...

2002-05-06 Thread Crist J. Clark
ich allows remote > # observers to determine the rate of packet generation on the > # machine by watching the counter. > options RANDOM_IP_ID ...which has absolutely nothing to do with this thread. -- Crist J. Clark | [EMAIL PROTECTED]

Re: source MAC address

2002-05-02 Thread Crist J. Clark
to a particular MAC > address, regardless of the IP destination address of the packet. Once > again, I know BPF can do this, but then I have similar concerns to the ones > above. For example, what do I set the IP ID field to?? IP ID? Set the DF bit, then the IP ID field won't ever be

Re: network traffic analysis with a network switch

2002-04-19 Thread Crist J. Clark
s1 | | RH | | Windows3 | > +--+ ++ +--+ > > What I would like to be able to do is somehow send copies of > network traffic to the RH box without having to move it > between the FreeBSD box and the switch. Is this possible > and if so, how would I go a

Re: How can I use ng bpf

2002-04-12 Thread Crist J. Clark
On Fri, Apr 12, 2002 at 09:34:50AM -0700, Michael Sierchio wrote: > Crist J. Clark wrote: > > > ipfw(8) will filter with bridge(4) just fine. I have a simple patch on > > the website below to get ipf(8) to filter with bridge(4) too. > > Just for the sake of clarity,

Re: How can I use ng bpf

2002-04-11 Thread Crist J. Clark
to use ngctl to > configure step by step). Has anybody a sample configuration or a example? ipfw(8) will filter with bridge(4) just fine. I have a simple patch on the website below to get ipf(8) to filter with bridge(4) too. -- Crist J. Clark | [

Re: strange network conversation

2002-04-10 Thread Crist J. Clark
this? (so that conversation between hostA and > hostB ended normally) If hostB's stack is really broken, not sure what to do to fix it. -- Crist J. Clark | [EMAIL PROTECTED] | [EMAIL PROTECTED] http://people.freebsd.org/~cjc/| [EMAIL PROTECTED]

Re: Forcing packets to the wire

2002-04-07 Thread Crist J. Clark
On Sun, Apr 07, 2002 at 08:25:33PM -0500, Nick Rogness wrote: > > >On Sat, 6 Apr 2002, Crist J. Clark wrote: > >> On Sat, Apr 06, 2002 at 01:57:44PM -0600, Nick Rogness wrote: > >> > >>> On Fri, Apr 05, 2002 at 06:48:09PM -0600 I heard the voice of >

Re: Forcing packets to the wire

2002-04-06 Thread Crist J. Clark
t. > > Yeh, I thought of that. The problem is packets never leave > anywhere since the route for the other NIC is not "OUT" any > interface...it is the machine itself. They never go over a _physical_ interface, but they _do_ cross an int

Re: one machine, 2 external nics

2002-04-06 Thread Crist J. Clark
way or another) using a 'fwd' rule. There still are some tricks to doing this, but it's quite doable. -- Crist J. Clark | [EMAIL PROTECTED] | [EMAIL PROTECTED] http://people.freebsd.org/~cjc/| [EMAIL PROTECTED]

Re: better DSL bandwidth usage by priorizing ACKs in outgoing packets over others

2002-04-06 Thread Crist J. Clark
have never seen terribly bad effects when cvsupping > and doing other things. If there is something which goes to its > knees, this is the disk. On a previous Internet provider, I had silent PMTU issues somewhere downstream. Ploss went through the roof when you got above 1

Re: HUT Project

2002-04-03 Thread Crist J. Clark
ing here. I think it is a language and terminology barrier. What is a "real alias?" > Then, I need to write a new node called ng_alias for example and use it for > doing this staff. > > But perhaps I'm wrong with that or with RFC2338. If this is the case, can > you correct

Re: HUT Project

2002-04-03 Thread Crist J. Clark
me host. > My wish is to implement VRRP as clean as I can but there is some > limitations... > Any idea to implement that correctly under FreeBSD ? One point. I don't see any reason to maintain the separate xl[01] interfaces with other MAC addresses in this example. -- Crist J. Clar

Re: HUT Project

2002-04-02 Thread Crist J. Clark
ould be a really good way to try to implement it. -- Crist J. Clark | [EMAIL PROTECTED] | [EMAIL PROTECTED] http://people.freebsd.org/~cjc/| [EMAIL PROTECTED]

Re: HUT Project

2002-04-02 Thread Crist J. Clark
are settable > for each VRID. IIRC, the exact MAC address of the virtual router as a function of VRID is specified in the RFC? -- Crist J. Clark | [EMAIL PROTECTED] | [EMAIL PROTECTED] http://people.freebsd.org/~cjc/| [EMAIL

Re: HUT Project

2002-04-01 Thread Crist J. Clark
fciations. It does some very hackish things with BPF devices and clobbering MAC addresses. If someone wants to do this The Right Way, some of it definitely needs to live in the kernel. -- Crist J. Clark | [EMAIL PROTECTED] | [EMAI

Re: routeing problems with 4.4

2002-03-26 Thread Crist J. Clark
operating system? Are you saying when you try to add the route again, # route add default It doesn't actually show up in the routing table? -- Crist J. Clark | [EMAIL PROTECTED] | [EMAIL PROTECTED] http://people.freebsd.org/~cj

Re: error handling in in_ifinit()

2002-03-22 Thread Crist J. Clark
p] > Should it be done so? No. It now correctly flags the error. Thanks for tracking down the code that did it. -- Crist J. Clark | [EMAIL PROTECTED] | [EMAIL PROTECTED] http://people.freebsd.org/~cjc/| [EMAIL PROTECTED]

Re: natd and static nat for different subnets

2002-03-19 Thread Crist J. Clark
pt it gets translated to 192.0.2.12. Isn't that what you wanted? -- Crist J. Clark | [EMAIL PROTECTED] | [EMAIL PROTECTED] http://people.freebsd.org/~cjc/| [EMAIL PROTECTED]

Re: natd and static nat for different subnets

2002-03-19 Thread Crist J. Clark
On Tue, Mar 19, 2002 at 04:26:19PM +0700, Eugene Grosbein wrote: > "Crist J. Clark" wrote: > > > > Would it be hard to implement this? > > > > Probably not too bad. Apparently no stampede for this functionality > > though. There usually is not a lo

Re: problems with games that use udp

2002-03-19 Thread Crist J. Clark
arched the web and found that under linux there are kernel modules, like > ip_masq_quake. > > How could i make it under freebsd? If it requires an application layer proxy, and you are using ipnat(8), you can go look for IPFilter resources like, [EMAIL PROTECTED] If you want to change to natd(8), yo

Re: natd and static nat for different subnets

2002-03-19 Thread Crist J. Clark
On Tue, Mar 19, 2002 at 02:31:12PM +0700, Eugene Grosbein wrote: > "Crist J. Clark" wrote: > > > > Suppose we have many tens of separated private networks each having its own > > > public address and own gateway. Is is possible to configure natd to do > >

Re: natd and static nat for different subnets

2002-03-18 Thread Crist J. Clark
om all those networks? You can run multiple natd(8)s and control which block each one translates with their firewall divert(4) rules. -- Crist J. Clark | [EMAIL PROTECTED] | [EMAIL PROTECTED] http://people.freebsd.org/~cjc/

Re: icmp 5

2002-03-18 Thread Crist J. Clark
ipfw: 65435 Deny ICMP:5.0 router.ip.address host.ip.adress in via xl0 Run, # tcpdump -nvv -ixl0 'icmp' To see what packets are generating the redirects. You may wish to change your routing accordingly. -- Crist J. Clark | [EMAIL PROTECTED]

Re: help with tcp checksum

2002-03-12 Thread Crist J. Clark
> this on a Sparc (or Alpha?) because of their endian is network byte > order. Well... It depends. Due to the nature of the checksum algorithm, it really doesn't matter whether the data is in host order or network order provided all of the data is stored consisten

Re: help with tcp checksum

2002-03-11 Thread Crist J. Clark
the input, and the same perl command gives, ... 0x94a4 0xe8f1 0x3530 Which is correct, the ones-complement of 0xcacf. Looks like your calculations are wrong. -- Crist J. Clark | [EMAIL PROTECTED] | [EMAIL PROTECTED] http://

Re: date statement in icmp-response bandwidth limit message ?

2002-03-04 Thread Crist J. Clark
default syslog.conf(5), those messages will be in /var/log/messages. -- Crist J. Clark | [EMAIL PROTECTED] | [EMAIL PROTECTED] http://people.freebsd.org/~cjc/| [EMAIL PROTECTED]

Re: natd & ipfw config with 5 NICS

2002-02-28 Thread Crist J. Clark
rfaces on the same network with different IPs > realIP1 > realIP2 You will need to run an individual instance of natd(8) for each external physical interface. -- Crist J. Clark | [EMAIL PROTECTED] | [EMAIL PROTECTED] http://people.freebs

Re: Extent of IPv6 support.

2002-02-25 Thread Crist J. Clark
tuff. Duplicating the TCP and UDP code in both would present an opportunity for drift and be difficult to maintain. -- Crist J. Clark | [EMAIL PROTECTED] | [EMAIL PROTECTED] http://people.freebsd.org/~cjc/| [EMAIL PROTECTED]

Re: TCP Connections to a Broadcast Address

2002-02-24 Thread Crist J. Clark
On Sun, Feb 24, 2002 at 10:47:02AM +0200, Ruslan Ermilov wrote: > On Sat, Feb 23, 2002 at 07:25:20AM -0800, Crist J. Clark wrote: [snip] > > If you are correct, and you can cross interfaces, this is a much > > bigger problem. I didn't mention it in your first mail, but

Re: TCP Connections to a Broadcast Address

2002-02-24 Thread Crist J. Clark
On Sun, Feb 24, 2002 at 10:49:21AM +0200, Ruslan Ermilov wrote: > On Sat, Feb 23, 2002 at 03:49:55PM +0300, Maxim Konovalov wrote: > > On 04:28-0800, Feb 23, 2002, Crist J. Clark wrote: > > > > > On Sat, Feb 23, 2002 at 01:50:33PM +0200, Ruslan Ermilov wrote: > &g

Re: TCP Connections to a Broadcast Address

2002-02-23 Thread Crist J. Clark
function as used in the patch you sent is different than the current implementation. in_broadcast() currently takes an address and an interface. If you are correct, we'd have to loop through the interface list... which makes this uglier. -- Crist J. Clark | [EMAIL PROTE

Re: TCP Connections to a Broadcast Address

2002-02-23 Thread Crist J. Clark
;. Then I would put that under the "misconfigured" header. The machine you are pinging from would have to be local to 192.168.4.0/24 also, why are you routing it through 192.168.1.1? But there may be some situations that I have not considered where one might wish to do that

Re: TCP Connections to a Broadcast Address

2002-02-22 Thread Crist J. Clark
still trying to figure out how mutt came up with that header. Thanks. -- Crist J. Clark | [EMAIL PROTECTED] | [EMAIL PROTECTED] http://people.freebsd.org/~cjc/| [EMAIL PROTECTED]

TCP Connections to a Broadcast Address

2002-02-22 Thread Crist J. Clark
ination address is robust. I have not examined the IPv6 code in this respect. After the fix to FreeBSD is made and other *BSD's have ample time to respond, I do plan to send a quick note on the subject to Bugtraq. Thanks for reading. I look forward to comments on the fix. -- Crist J

Odd Rule in rc.firewall6

2002-02-19 Thread Crist J. Clark
aders. That rule sure looks like it is explicitly passing invalid traffic. Unless someone can enlighten my ignorance here, I'm going to nuke that rule. -- Crist J. Clark | [EMAIL PROTECTED] | [EMAIL PROTECTED] http://people.freebs

Re: rdr 127.0.0.1 and blocking 127/8 in ip_output()

2002-02-19 Thread Crist J. Clark
On Tue, Feb 19, 2002 at 10:25:13AM +0200, Ruslan Ermilov wrote: > On Mon, Feb 18, 2002 at 11:35:54PM -0800, Crist J. Clark wrote: [snip] > > I'd personally prefer someone just fix lo0 so that, > > > > $ ifconfig lo0 inet 127.0.0.1 > > > > Ac

Re: rdr 127.0.0.1 and blocking 127/8 in ip_output()

2002-02-18 Thread Crist J. Clark
On Mon, Feb 18, 2002 at 08:43:45PM -0800, Archie Cobbs wrote: > Crist J. Clark writes: > > No, RFC1122 is a set of requirements for hosts implementing _the > > Internet protocol._ > > OK... > > > > By your argument, the kernel should also block admin att

Re: rdr 127.0.0.1 and blocking 127/8 in ip_output()

2002-02-18 Thread Crist J. Clark
their machine in an unconventional > way, why automatically assume they are doing something wrong? > > My vote is to not have any special cases in the kernel for 127/8... > rc.conf, rc.network, rc.firewall, et. al. is fine, but nothing > in the kernel. You definitely
