Re: [CFR] whois(1) out-of-bound access patch
On Thu, Oct 04, 2001 at 01:02:56PM -0400, Garrett Wollman wrote:
> On Thu, 4 Oct 2001 12:19:33 -0400, Mike Barcroft [EMAIL PROTECTED] said:
>
> > - printf(%s\n, buf);
> > + printf(%.*s\n, (int)len, buf);
>
> This is a *much* better patch.

..yet it needs more work: strstr() and strcspn() are used on a non-null-terminated string. And even if those are fixed, additional work is done for each input line, instead of only for the lines that actually need it (at most one per session).

G'luck,
Peter

--
This sentence contains exactly threee erors.

To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-net in the body of the message
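Review bot: on the `+` line, `(int)len` is passed as the precision without a range check; if len is a size_t (its declaration is not in the quoted lines) and ever exceeds INT_MAX, the cast can produce a negative precision, which printf treats as if no precision were given, so the read runs to the first NUL again. Suggest checking len against INT_MAX before the cast, or writing the bytes with fwrite(buf, 1, len, stdout) followed by a newline. As the reply points out, the strstr() and strcspn() calls on the same buffer are outside this hunk and still assume a terminated string.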
bridge + transparent proxy with 4-stable
Hi,

Recently I've installed a new bridge+ipfw at the office. It is configured as:

outer network -- router -- bridge -- main hub --- inner network

I installed FreeBSD 4.4-RELEASE and immediately updated to 4-stable. Kernel configuration has:

    options IPFIREWALL                      #firewall
    options IPFIREWALL_VERBOSE              #print information about dropped packets
    options IPFIREWALL_FORWARD              #enable transparent proxy support
    options IPFIREWALL_VERBOSE_LIMIT=100    #limit verbosity
    options IPFIREWALL_DEFAULT_TO_ACCEPT    #allow everything by default
    options IPV6FIREWALL                    #firewall for IPv6
    options IPV6FIREWALL_VERBOSE
    options IPV6FIREWALL_VERBOSE_LIMIT=100
    options IPV6FIREWALL_DEFAULT_TO_ACCEPT
    options IPDIVERT                        #divert sockets
    options DUMMYNET
    options BRIDGE

And this machine has fxp0 (outer) and fxp1 (inner) interfaces. Only fxp1 has an IP address.

Bridged firewall was successful; it works nicely. I wish to try one more thing: transparent proxy via Squid. I've installed the www/squid24 port. squid.conf has:

    http_port 127.0.0.1:3128
    httpd_accel_host virtual
    httpd_accel_port 80
    httpd_accel_with_proxy on
    httpd_accel_uses_host_header on

After running squid, I've added this rule at the top of the rules (output of ipfw -a list). 208.2.3.200 (not real IP) is our firewall.

    00500 0 0 allow tcp from 208.2.3.200 to any via fxp0
    00550 173 11165 fwd 127.0.0.1,3128 tcp from 208.2.3.128/25 to any 80 via fxp1

As shown, rule 550 _filters_ packets, but it seems not to forward packets to port 3128 (squid). All clients can go out with their own IP, and nothing remains in the squid log.

Am I doing something wrong? I've searched many mailing lists (freebsd and squid) but I can't get good answers.

p.s. I am doing NAT + transparent proxy at home (ADSL). It works nicely.
--
+++ Any opinions in this posting are my own and not those of my employers +++
CHOI Junho [sleeping now] http://www.kr.FreeBSD.org/~cjh
[while sleeping] cjh @ kr.FreeBSD.ORG cjh @ FreeBSD.ORG cjh @ wdb.co.kr
Korea FreeBSD Users Group www.kr.FreeBSD.org
Web Data Bank www.wdb.co.kr
Re: kernel welded?? (VERY off-topic)
Firstly, my apologies for the misaddressed question to this list. The matter is already settled thanks to some list-friends who pointed out to me that the kernel_security_level (rc.conf) was the culprit. Under level 2 the kernel is set to 'unchangeable' - and no chflags are accepted either.

Many thanks to all of you. And sorry for the inconvenience.

> Sounds like you booted it and it's locked. Does FreeBSD do that?
>
> At 11:13 AM 10/4/2001 -0700, [EMAIL PROTECTED] wrote:
> > I am completely blind and stuck: I was recompiling (2nd time) my kernel, when (make install) suddenly I was surprised with the following message:

Greetings,
irado furioso com tudo
linux user 179402

God is made in the image and likeness of man. Mainly in his flaws.

Please click here: http://www.thehungersite.com
and here too: http://cf6.uol.com.br/umminuto/

Nettaxi would like to ask for your help in donations to the RED CROSS today! http://www.nyredcross.org/donate/
Re: bridge + transparent proxy with 4-stable
CHOI Junho wrote:
> After running squid, I've added this rule at top of rules(output of ipfw -a list). 208.2.3.200(not real IP) is our firewall.
>
>     00500 0 0 allow tcp from 208.2.3.200 to any via fxp0
>     00550 173 11165 fwd 127.0.0.1,3128 tcp from 208.2.3.128/25 to any 80 via fxp1
>
> As shown, rule 550 _filters_ packets, but it seems not to forward packets to 3128 ports(squid). All clients can go out with its IP, and nothing remains in squid log.

Bridging and transparent proxying are incompatible.

--
Hroi Sigurdsson [EMAIL PROTECTED]
Netgroup A/S http://www.netgroup.dk
FreeBSD divert, redir, what?? :-\
Maybe just my pain, but I am perusing everywhere (http://groups.google.com), also FAQs, tutorials and so on, but I am not able to get a single reply (maybe I am too newbie even for the man pages - I cannot apply it to my question):

I need to mount a server in a (sort of) dmz, serving http, pop3 and smtp for both sides of a firewall (the public and the private), like this:

/internet/---/firewall/---internal lan (192.168.1.0)
                 |
                 |--/server(s) 192.168.2.0)

Any request to the external ip for any available service must be addressed to the 192.168.2.0. Also, any request from 192.168.1.0 *must* be addressed to the 192.168.2.0.

Can anybody please point me to any document, tutorial, easy-hands-on on the subject?? Even RTFM will help, *if* mentioning the correct expression which must be searched.

Greetings,
irado furioso com tudo
linux user 179402

God is made in the image and likeness of man. Mainly in his flaws.

Please click here: http://www.thehungersite.com
and here too: http://cf6.uol.com.br/umminuto/
Re: ifconfig quirks
When you use numbers with a zero (0) as the first character, the C language thinks that it is in octal.

007 in octal = 7 in decimal
034 in octal = 24 in decimal
... ...

Then, use ifconfig without the zero (0) as the first character.

On Fri, 5 Oct 2001, Matthew wrote:
> I just wanted to point out something strange I ran into on my test network with release 4.4.
>
> if I use
>     ifconfig xl1 inet 10.0.0.007 netmask 255.255.255.0
> I get upon looking at the adapter
>     inet 10.0.0.7 netmask 0xff00 broadcast 10.0.0.255
>
> however when I use
>     ifconfig xl1 inet 10.0.0.034 netmask 255.255.255.0
> I get
>     inet 10.0.0.28 netmask 0xff00 broadcast 10.0.0.255
>
> and yet again if I use
>     ifconfig xl1 inet 10.0.0.52 netmask 255.255.255.0
> I get
>     inet 10.0.0.42 netmask 0xff00 broadcast 10.0.0.255
>
> and a third time I use
>     ifconfig xl1 inet 10.0.0.61 netmask 255.255.255.0
> and I get
>     inet 10.0.0.49 netmask 0xff00 broadcast 10.0.0.255
>
> I have done this on three different freebsd 4.4 release machines with the exact same results on each. If I do not use the leading zeros in the last octet it works correctly. However I have at least three nics in each machine with multiple ip's on most interfaces to simulate my existing network so it would be nice to be able to use them as place holders to make the files look a bit cleaner.
>
> Cheers,
> Matthew
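The leading-zero reading discussed in this thread, as an added example (not code from the posts or from FreeBSD's sources): a small dotted-quad parser that reads each part either with C numeric-prefix rules or as strict decimal. The names `parse_part` and `parse_ipv4` are hypothetical, and the classic mode models only the four-part form.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* One dotted-quad part. classic=1 uses C prefix rules (leading 0 = octal,
 * 0x = hex); classic=0 takes plain decimal only. Returns 0..255 or -1. */
static long parse_part(const char *s, size_t n, int classic)
{
    char tmp[8], *end;
    unsigned long v;

    if (n == 0 || n >= sizeof(tmp) || !isdigit((unsigned char)s[0]) ||
        (!classic && n > 1 && s[0] == '0'))  /* strict: no leading zero */
        return -1;
    memcpy(tmp, s, n);
    tmp[n] = '\0';
    v = strtoul(tmp, &end, classic ? 0 : 10);
    return (*end != '\0' || v > 255) ? -1 : (long)v;
}

/* Four-part address into host byte order; returns 0 on success, else -1. */
int parse_ipv4(const char *text, int classic, uint32_t *out)
{
    uint32_t addr = 0;

    for (int i = 0; i < 4; i++) {
        size_t n = strcspn(text, ".");
        long v = parse_part(text, n, classic);
        if (v < 0 || text[n] != (i < 3 ? '.' : '\0'))
            return -1;
        addr = (addr << 8) | (uint32_t)v;
        text += n + (i < 3);
    }
    *out = addr;
    return 0;
}

int main(void)
{
    /* Last-octet spellings from the thread, plus the unpadded form. */
    const char *in[] = { "10.0.0.007", "10.0.0.034", "10.0.0.34" };

    for (int i = 0; i < 3; i++) {
        uint32_t c = 0, s = 0;
        (void)parse_ipv4(in[i], 1, &c);
        printf("%-10s classic last octet %u, strict %s\n", in[i],
            (unsigned)(c & 255), parse_ipv4(in[i], 0, &s) ? "rejects" : "accepts");
    }
    return 0;
}
```

Configuration loaders and address allowlists that may see zero-padded octets are safer with the strict form, so the value they check is the value the network stack ends up using.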
multihomed, multirouted and balanced FreeBSD??
A friend of mine wants to exchange their multi-homed linux box for a new FBSD one. The defy: 4 nic - 3 pointing to ADSL linkz (fixed ip), last one pointing to internal lan.

Questions:

Is it possible to have so many nic in a single FreeBSD box?

How to enable 3 different routes there??

As far as I understood the original question, people there do not want a 'default' route - they will prefer something like 'automagic' routing: the available one will be the one for the (internal) box, if it is possible. Something like 'less-costing' path?? Hmm..

Can you please point me to the right white papers, how-to, recipes, hands-on, on the subject??

Greetings,
irado furioso com tudo
linux user 179402

God is made in the image and likeness of man. Mainly in his flaws.

Please click here: http://www.thehungersite.com
and here too: http://cf6.uol.com.br/umminuto/
Re: multihomed, multirouted and balanced FreeBSD??
On Fri, 5 Oct 2001 20:01:57 + (UTC), in sentex.lists.freebsd.net you wrote:
> A friend of mine wants to exchange their multi-homed linux box for a new FBSD one. The defy: 4 nic - 3 pointing to ADSL linkz (fixed ip), last one pointing to internal lan.
>
> Questions:
>
> Is it possible to have so many nic in a single FreeBSD box?

Why would you think it's not possible? You can cram lots of nics in almost any operating system and have multiple interfaces.

> How to enable 3 different routes there??

Use a dynamic routing protocol: rip, ripng, ospf, bgp.

> As far as I understood the original question, people there do not want a 'default' route

Read up on the above dynamic routing protocols. Cisco has some good books on BGP and OSPF as well as many online documents. You can use zebra for similar routing on FreeBSD (www.zebra.org)

---Mike

Mike Tancsa ([EMAIL PROTECTED])
Sentex Communications Corp, Waterloo, Ontario, Canada
Given enough time, 100 monkeys on 100 routers could setup a national IP network. (KDW2)