From owner-freebsd-net Tue Mar 14 1:29:32 2000 Delivered-To: freebsd-net@freebsd.org Received: from relay.ucb.crimea.ua (UCB-Async4-CRISCO.CRIS.NET [212.110.129.130]) by hub.freebsd.org (Postfix) with ESMTP id B758B37B5DF for ; Tue, 14 Mar 2000 01:28:56 -0800 (PST) (envelope-from ru@ucb.crimea.ua) Received: (from ru@localhost) by relay.ucb.crimea.ua (8.9.3/8.9.3/UCB) id LAA65257; Tue, 14 Mar 2000 11:21:53 +0200 (EET) (envelope-from ru) Date: Tue, 14 Mar 2000 11:21:52 +0200 From: Ruslan Ermilov To: Peter Schultz Cc: freebsd-net@FreeBSD.ORG Subject: Re: IPSTEALTH Message-ID: <20000314112152.A47602@relay.ucb.crimea.ua> Mail-Followup-To: Peter Schultz , freebsd-net@FreeBSD.ORG References: <20000314022446.B347@bebox.corpcomm.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.95.3i In-Reply-To: <20000314022446.B347@bebox.corpcomm.net>; from Peter Schultz on Tue, Mar 14, 2000 at 02:24:47AM -0600 Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Tue, Mar 14, 2000 at 02:24:47AM -0600, Peter Schultz wrote: > Hi, > > In my kernel configuration file I have: > options IPFILTER > options IPFILTER_LOG > options IPSTEALTH > > Does the IPSTEALTH option provide my LAN with increased > protection by doing NAT in such a way so as to make it > undetectible? Basically what I'm looking for is a blurb > on what makes IPSTEALTH special, and in what situations > it is best used. > src/sys/i386/conf/LINT is very clear about this option: # IPSTEALTH enables code to support stealth forwarding (i.e., forwarding # packets without touching the ttl). This can be useful to hide firewalls # from traceroute and similar tools. The associated code could be found in src/sys/netinet/ip_input.c, under the IPSTEALTH conditional. Cheers, -- Ruslan Ermilov Sysadmin and DBA of the ru@ucb.crimea.ua United Commercial Bank, ru@FreeBSD.org FreeBSD committer, +380.652.247.647 Simferopol, Ukraine http://www.FreeBSD.org The Power To Serve http://www.oracle.com Enabling The Information Age To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message