From owner-freebsd-ipfw Sun Jan 30 1: 7:49 2000
Date: Sun, 30 Jan 2000 01:07:46 -0800 (PST)
From: Kris Kennaway
To: Omachonu Ogali
Cc: "Rodney W. Grimes", Brian Gallucci, FreeBSD, ipfw@FreeBSD.ORG
Subject: Re: Hmmm

On Sun, 16 Jan 2000, Omachonu Ogali wrote:

> Windows isn't that retarded, it doesn't send incorrect IP headers out onto
> the wire. Is your router connected to a hub at your ISP/uplink?

Windows certainly is that retarded. At a previous workplace one of the
machines (let's call it 1.2.3.4) would consistently try and transmit
packets addressed to 4.3.2.1. That's gotta be the dumbest thing I've
seen from M$..

Kris

----
"How many roads must a man walk down, before you call him a man?"
"Eight!"
"That was a rhetorical question!"
"Oh..then, seven!" -- Homer Simpson

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message

From owner-freebsd-ipfw Sun Jan 30 6:49: 7 2000
Date: Sun, 30 Jan 2000 09:47:41 -0500 (EST)
From: Omachonu Ogali
To: Kris Kennaway
Cc: "Rodney W.
 Grimes", Brian Gallucci, FreeBSD, ipfw@FreeBSD.ORG
Subject: Re: Hmmm

Then your program is retarded since the byte order isn't being changed...

Omachonu Ogali
Intranova Networking Group

On Sun, 30 Jan 2000, Kris Kennaway wrote:

> On Sun, 16 Jan 2000, Omachonu Ogali wrote:
>
> > Windows isn't that retarded, it doesn't send incorrect IP headers out onto
> > the wire. Is your router connected to a hub at your ISP/uplink?
>
> Windows certainly is that retarded. At a previous workplace one of the
> machines (let's call it 1.2.3.4) would consistently try and transmit
> packets addressed to 4.3.2.1. That's gotta be the dumbest thing I've
> seen from M$..
>
> Kris
>
> ----
> "How many roads must a man walk down, before you call him a man?"
> "Eight!"
> "That was a rhetorical question!"
> "Oh..then, seven!" -- Homer Simpson

From owner-freebsd-ipfw Sun Jan 30 7:15:39 2000
Date: Sun, 30 Jan 2000 10:17:20 -0500 (EST)
From: Mike Heffner
To: Kris Kennaway
Subject: Re: Hmmm
Cc: ipfw@FreeBSD.ORG, FreeBSD, Brian Gallucci, "Rodney W.
 Grimes", Omachonu Ogali

On 30-Jan-2000 Kris Kennaway wrote:
| On Sun, 16 Jan 2000, Omachonu Ogali wrote:
|
|> Windows isn't that retarded, it doesn't send incorrect IP headers out onto
|> the wire. Is your router connected to a hub at your ISP/uplink?
|
| Windows certainly is that retarded. At a previous workplace one of the
| machines (let's call it 1.2.3.4) would consistently try and transmit
| packets addressed to 4.3.2.1. That's gotta be the dumbest thing I've
| seen from M$..
|

This is an arp request from windows box on a 10/24 network:

    ARP: ar_hrd:1 ar_pro:2048 ar_hln:6 ar_pln:4 REQUEST
    00:aa:fe:f5:f1:f3 ( 234.255.127.254 ) -> ff:ff:ff:ff:ff:ff (234.255.127.253 )
    ETHER: 00:aa:00:14:1c:18 -> ff:ff:ff:ff:ff:ff

notice the sha doesn't even equal the true src mac, the tha isn't 00's, and
what's with the 234* ?? windows really choked on something.

---------------------------------
Mike Heffner
Fredericksburg, VA ICQ# 882073
Date: 30-Jan-2000 Time: 10:13:19
---------------------------------

From owner-freebsd-ipfw Sun Jan 30 12:42:39 2000
Date: Sun, 30 Jan 2000 12:42:34 -0800 (PST)
From: Kris Kennaway
To: Omachonu Ogali
Cc: "Rodney W.
 Grimes", Brian Gallucci, FreeBSD, ipfw@FreeBSD.ORG
Subject: Re: Hmmm

On Sun, 30 Jan 2000, Omachonu Ogali wrote:

> Then your program is retarded since the byte order isn't being changed...

This was netbios traffic :-P

Kris

----
"How many roads must a man walk down, before you call him a man?"
"Eight!"
"That was a rhetorical question!"
"Oh..then, seven!" -- Homer Simpson

From owner-freebsd-ipfw Sun Jan 30 13:18: 6 2000
Date: Mon, 31 Jan 2000 08:18:56 +1100
To: freebsd-questions@FreeBSD.ORG
From: Danny
Subject: A News Server solution required --help
Cc: ipfw@FreeBSD.ORG

Hi,

- For a MailGateway they have AtDot, which is written in PERL and very good
- I need a solution similar to AtDot but so our clients can read off the
  News Server using a browser as the universal client. I would like it to
  be in PERL (so I can customize it).

Question
1) Does anyone know where there is Free Code which does that?

Looking forward to your feedback.
Danny (dannyh@idx.com.au)

From owner-freebsd-ipfw Mon Jan 31 8:32: 1 2000
Date: Mon, 31 Jan 2000 17:31:44 +0100 (CET)
From: Marius Bendiksen
To: freebsd-ipfw@freebsd.org
Subject: Contracted firewall hack

We've got a third party application which we need to route through our
firewall, which is based on FreeBSD 3.4-R in a bridging setup.

The application in question communicates over TCP port 1500, whence it
requests a port for parts of the traffic sort of like what FTP does.

We would be willing to pay to have a custom modification to the IPFW
code which allows us to do this in a sensible manner.
(I'm not on the list, so send any answers directly to me)

Marius

From owner-freebsd-ipfw Mon Jan 31 13:24:31 2000
To: Marius Bendiksen
Cc: freebsd-ipfw@FreeBSD.ORG
Subject: Re: Contracted firewall hack
In-Reply-To: Message from Marius Bendiksen of "Mon, 31 Jan 2000 17:31:44 BST."
Date: Tue, 01 Feb 2000 08:24:03 +1100
From: Tony Landells

> The application in question communicates over TCP port 1500, whence it
> requests a port for parts of the traffic sort of like what FTP does.

So have we--Sterling Commerce's CONNECT:Mailbox, which uses 10020 & 10021.

> We would be willing to pay to have a custom modification to the IPFW
> code which allows us to do this in a sensible manner.
Our sensible manner is:

    cmhost=192.83.119.201/32    # IP address of CONNECT:Mailbox host
    cm_cmd=10021                # CONNECT:Mailbox command channel, like FTP 21
    cm_data=10020               # CONNECT:Mailbox data channel, like FTP 20

    $fwcmd add pass tcp from any to ${cmhost} ${cm_cmd} setup
    $fwcmd add pass tcp from ${cmhost} ${cm_data} to any setup

This follows all the normal stuff to do anti-spoofing, etc. and assumes
that there is a rule that says

    $fwcmd add pass tcp from any to any established

I hope that helps,
Tony

From owner-freebsd-ipfw Thu Feb 17 1: 6: 4 2000
From: "Jeff Lush"
Subject: natd -dynamic question
Date: Thu, 10 Feb 2000 18:03:18 -0700

Hello all,

I would like to try setting up natd/ipfw for use behind a DHCP server, and
was wondering what the -dynamic option for natd did? Any ideas would be
appreciated.
Thanks,

Jeff Lush

From owner-freebsd-ipfw Thu Feb 17 1:29:35 2000
Date: Thu, 17 Feb 2000 02:28:00 -0700 (MST)
From: Ivan Fetch
To: Jeff Lush
Cc: freebsd-ipfw@FreeBSD.ORG, freebsd-questions@FreeBSD.ORG
Subject: Re: natd -dynamic question

Hi,

The -dynamic option basically watches for IP address changes on your
"public" interface so that natd can make
appropriate changes in its address translations. This is exactly what
you want for a DHCP address, which will probably change from
time-to-time. If the dhcp address changes and you do not use -dynamic,
natd will still be trying to forward using the old dhcp address.
Your configuration can look something like this (as I do not know exactly
what release of FreeBSD you are running this could be slightly different
but I doubt it):

in /etc/rc.conf:

    natd_enable="YES"                 # Enable natd
    natd_interface="ed1"              # The public interface to the Internet, replace with
                                      # your real one
    natd_flags="-f /etc/natd.conf"    # Read more flags from this file

Now we can put other natd rules in /etc/natd.conf to make life easier -
This goes in /etc/natd.conf:

    unregistered_only yes
    dynamic

If you have IP addresses on your internal network that are of the
unregistered range of addresses (i.e. 192.168.0.X) those will now
automatically be forwarded by natd.

Hope this helps,

Ivan.

On Thu, 10 Feb 2000, Jeff Lush wrote:

> Hello all,
>
> I would like to try setting up natd/ipfw for use behind a DHCP server, and
> was wondering what the -dynamic option for natd did? Any ideas would be
> appreciated.
>
> Thanks,
>
> Jeff Lush
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
>

From owner-freebsd-ipfw Thu Feb 17 2: 7:58 2000
Date: Thu, 17 Feb 2000 12:07:06 +0200
From: Ruslan Ermilov
To: Jeff Lush
Cc: questions@FreeBSD.org
Subject: Re: natd -dynamic question
Message-ID: <20000217120706.B45267@relay.ucb.crimea.ua>
In-Reply-To: ; from Ivan Fetch on Thu, Feb 17, 2000
 at 02:28:00AM -0700

[Please don't cross-post]

On Thu, Feb 17, 2000 at 02:28:00AM -0700, Ivan Fetch wrote:
> Hi,
> The -dynamic option basically watches for IP address changes on your
> "public" interface so that natd can make
> appropriate changes in its address translations. This is exactly what
> you want for a DHCP address, which will probably change from
> time-to-time. If the dhcp address changes and you do not use -dynamic,
> natd will still be trying to forward using the old dhcp address.
>

In -current and 3.4-STABLE it also tracks "-interface"'s MTU.

[...]

> On Thu, 10 Feb 2000, Jeff Lush wrote:
>
> > Hello all,
> >
> > I would like to try setting up natd/ipfw for use behind a DHCP server, and
> > was wondering what the -dynamic option for natd did? Any ideas would be
> > appreciated.
> >
> > Thanks,
> >
> > Jeff Lush

--
Ruslan Ermilov          Sysadmin and DBA of the
ru@ucb.crimea.ua        United Commercial Bank,
ru@FreeBSD.org          FreeBSD committer,
+380.652.247.647        Simferopol, Ukraine

http://www.FreeBSD.org  The Power To Serve
http://www.oracle.com   Enabling The Information Age

From owner-freebsd-ipfw Thu Feb 17 4:13: 2 2000
From: "Jeff Lush"
Subject: ipfw and gre protocol
Date: Thu, 10 Feb 2000 19:54:26 -0700

Hello,

I'm trying to setup VPN to an NT machine going through ipfw/natd. All
documentation says to open the GRE protocol on the firewall; however, I
can't find any documentation on how to enable the GRE protocol on all ports.

Anyone have any ideas?

Thanks,

Jeff

================================
Jeff Lush, CNA, MCP
nerdPOWER.com Web Developer
Edmonton, Alberta, Canada
mailto:jeff@nerdpower.com   p:780.413.6373
http://www.nerdpower.com    f:780.413.6374

Microsoft: Where do you want to go today?
Linux: Where do you want to go tomorrow?
FreeBSD: Are you guys coming or what?

From owner-freebsd-ipfw Thu Feb 17 6: 0:38 2000
From: "Jeff Lush"
Subject: ipfw and the GRE protocol
Date: Sat, 12 Feb 2000 10:54:17 -0700

Hello,

I'm trying to setup VPN to an NT machine going through ipfw/natd.
All documentation says to open the GRE protocol on the firewall; however, I
can't find any documentation on how to enable the GRE protocol on all ports.

I would appreciate some advice.

Thanks,

Jeff Lush
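
The three checks Mike Heffner applies by eye to the ARP request in the "Hmmm" thread above can be automated; the following is an added example, not code from any poster. The frame is rebuilt from the values in his message, the local network 10.0.0.0/24 is an assumed reading of "10/24", and the second frame is constructed for comparison.

```python
import ipaddress
import struct

ETHERTYPE_ARP = 0x0806
ARP_REQUEST = 1


def mac_bytes(text):
    return bytes.fromhex(text.replace(":", ""))


def build_arp_frame(eth_src, eth_dst, sha, spa, tha, tpa, op=ARP_REQUEST):
    """Build an Ethernet II + Ethernet/IPv4 ARP frame (used for test input)."""
    header = mac_bytes(eth_dst) + mac_bytes(eth_src) + struct.pack("!H", ETHERTYPE_ARP)
    body = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    body += mac_bytes(sha) + ipaddress.ip_address(spa).packed
    body += mac_bytes(tha) + ipaddress.ip_address(tpa).packed
    return header + body


def arp_anomalies(frame, local_net):
    """Return a list of findings for one raw ARP frame seen on local_net."""
    if len(frame) < 42:
        raise ValueError("frame too short for Ethernet + ARP")
    eth_dst, eth_src, ethertype = struct.unpack("!6s6sH", frame[:14])
    hrd, pro, hln, pln, op = struct.unpack("!HHBBH", frame[14:22])
    if ethertype != ETHERTYPE_ARP or (hrd, pro, hln, pln) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP frame")
    sha, spa, tha, tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    net = ipaddress.ip_network(local_net)
    findings = []
    # Sender hardware address should be the MAC that actually sent the frame.
    if sha != eth_src:
        findings.append("sha-differs-from-ethernet-source")
    # Requests normally carry an all-zero target hardware address;
    # anything else is unusual rather than forbidden.
    if op == ARP_REQUEST and tha != bytes(6):
        findings.append("tha-not-zero-in-request")
    # Protocol addresses should be unicast hosts on the local network.
    for name, raw in (("spa", spa), ("tpa", tpa)):
        addr = ipaddress.ip_address(raw)
        if addr.is_multicast:
            findings.append(name + "-is-multicast")
        elif addr not in net:
            findings.append(name + "-outside-local-net")
    return findings


# Values copied from the posted capture.
POSTED = build_arp_frame("00:aa:00:14:1c:18", "ff:ff:ff:ff:ff:ff",
                         "00:aa:fe:f5:f1:f3", "234.255.127.254",
                         "ff:ff:ff:ff:ff:ff", "234.255.127.253")
# Constructed well-formed request from the same adapter (addresses assumed).
CLEAN = build_arp_frame("00:aa:00:14:1c:18", "ff:ff:ff:ff:ff:ff",
                        "00:aa:00:14:1c:18", "10.0.0.5",
                        "00:00:00:00:00:00", "10.0.0.1")

if __name__ == "__main__":
    print(arp_anomalies(POSTED, "10.0.0.0/24"))
    print(arp_anomalies(CLEAN, "10.0.0.0/24"))
```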
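
To see which TCP segments the three rules in Tony Landells' reply ("Contracted firewall hack" thread above) let through, here is a small first-match model of them; it is an added example, not ipfw code and not from the post. The rule order, the closing default deny, the client address 198.51.100.7 and all sample packets are assumptions constructed for the illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

CMHOST, CM_CMD, CM_DATA = "192.83.119.201/32", 10021, 10020  # values from the post


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # TCP flag names, e.g. frozenset({"SYN"})


def is_setup(p):
    # ipfw "setup": SYN set and ACK clear (first packet of a connection)
    return "SYN" in p.flags and "ACK" not in p.flags


def is_established(p):
    # ipfw "established": RST or ACK set
    return bool(p.flags & {"ACK", "RST"})


# (name, src net, src port, dst net, dst port, flag test); None means "any".
# Rule order is assumed; the post only says the third rule exists somewhere.
RULES = [
    ("command-setup", None, None, CMHOST, CM_CMD, is_setup),
    ("data-setup", CMHOST, CM_DATA, None, None, is_setup),
    ("established", None, None, None, None, is_established),
]


def verdict(p):
    """First matching rule wins; a closing default deny is assumed."""
    for name, snet, sport, dnet, dport, flag_test in RULES:
        if snet and ip_address(p.src) not in ip_network(snet):
            continue
        if dnet and ip_address(p.dst) not in ip_network(dnet):
            continue
        if sport not in (None, p.sport) or dport not in (None, p.dport):
            continue
        if flag_test(p):
            return "pass: " + name
    return "deny: default"


SERVER, CLIENT = "192.83.119.201", "198.51.100.7"  # client address is constructed
SYN, SYNACK, ACK = frozenset({"SYN"}), frozenset({"SYN", "ACK"}), frozenset({"ACK"})
SAMPLES = {  # constructed packets, not captured traffic
    "client opens command channel": Packet(CLIENT, 40000, SERVER, CM_CMD, SYN),
    "server answers the handshake": Packet(SERVER, CM_CMD, CLIENT, 40000, SYNACK),
    "server opens data channel": Packet(SERVER, CM_DATA, CLIENT, 40001, SYN),
    "data segment on open connection": Packet(CLIENT, 40001, SERVER, CM_DATA, ACK),
    "client SYN to the data port": Packet(CLIENT, 40002, SERVER, CM_DATA, SYN),
    "server SYN from another port": Packet(SERVER, 40003, CLIENT, 40001, SYN),
}

if __name__ == "__main__":
    for label, pkt in SAMPLES.items():
        print(f"{label:34} {verdict(pkt)}")
```

The last two samples show that the data rule is tied to both direction and source port: only the server, from port 10020, may start a data connection.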