From owner-freebsd-ipfw@FreeBSD.ORG Sun Jul 25 02:27:52 2004
Message-ID: <41031A1D.8030608@fid4.com>
Date: Sat, 24 Jul 2004 22:25:33 -0400
From: "Michael C. Cambria"
To: freebsd-ipfw@freebsd.org
Subject: ipfw STUN Firewall/NAT Type

Is there any documentation on what type of nat ipfw/nat is?

At present, I'm using FreeBSD 4.10-Stable and ipfw (not ipfw2).

For example, if rc.conf had just the bare minimum:

firewall_enable="YES"
firewall_type="OPEN"
natd_enable="YES"

what would a STUN client on a private subnet see ipfw/nat as, a Full Cone, Restricted Cone, Port Restricted Cone or Symmetric NAT?

I've tried with a few stun clients myself, but get conflicting results. I'm interested in what ipfw/nat is meant to be?

Thanks,
MikeC

From owner-freebsd-ipfw@FreeBSD.ORG Mon Jul 26 11:02:13 2004
Date: Mon, 26 Jul 2004 11:02:12 GMT
Message-Id: <200407261102.i6QB2Caf027146@freefall.freebsd.org>
From: FreeBSD bugmaster
To: ipfw@FreeBSD.org
Subject: Current problem reports assigned to you

Current FreeBSD problem reports

Critical problems

Serious problems

S  Submitted   Tracker     Resp.  Description
-------------------------------------------------------------------------------
o [2002/12/27] kern/46557  ipfw   ipfw pipe show fails with lots of queues
o [2003/04/22] kern/51274  ipfw   ipfw2 create dynamic rules with parent nu
f [2003/04/24] kern/51341  ipfw   ipfw rule 'deny icmp from any to any icmp
o [2003/12/11] i386/60154  ipfw   ipfw core (crash)
o [2004/03/03] kern/63724  ipfw   IPFW2 Queues dont t work
o [2004/03/14] kern/64240  ipfw   IPFW tee terminates rule processing

6 problems total.

Non-critical problems

S  Submitted   Tracker     Resp.  Description
-------------------------------------------------------------------------------
a [2001/04/13] kern/26534  ipfw   Add an option to ipfw to log gid/uid of w
o [2002/12/07] kern/46080  ipfw   [PATCH] logamount in ipfw2 does not defau
o [2002/12/10] kern/46159  ipfw   ipfw dynamic rules lifetime feature
o [2002/12/27] kern/46564  ipfw   IPFilter and IPFW processing order is not
o [2003/02/11] kern/48172  ipfw   ipfw does not log size and flags
o [2003/03/10] kern/49086  ipfw   [patch] Make ipfw2 log to different syslo
o [2003/03/12] bin/49959   ipfw   ipfw tee port rule skips parsing next rul
o [2003/04/09] bin/50749   ipfw   ipfw2 incorrectly parses ports and port r
o [2003/08/26] kern/55984  ipfw   [patch] time based firewalling support fo
o [2003/12/30] kern/60719  ipfw   ipfw: Headerless fragments generate cryp
o [2004/01/12] kern/61259  ipfw   [patch] make "ipfw tee" work as intended
o [2004/03/09] kern/63961  ipfw   ipfw2 uid matching doesn't work correctly

12 problems total.

From owner-freebsd-ipfw@FreeBSD.ORG Fri Jul 30 07:40:17 2004
Date: Fri, 30 Jul 2004 11:41:17 +0400
From: dawnshade
Reply-To: dawnshade
Message-ID: <193689194509.20040730114117@mail.ru>
To: freebsd-ipfw@freebsd.org
Subject: strange behavior ipfw2 counters

Hello all,

FreeBSD 4.9-RELEASE-p7, with ipfw2 in kernel.

I have 2 counters:

00001 5900 1623729 count ip from any to any in recv cp1
00002  130    9768 count ip from any to any out xmit cp1

cp1 - external interface, no nat, route real IP addresses.

When I download via http from this router, counter 2 is increasing, but when I download from a client behind this router via ftp, counter 2 is increasing, but _very_ little. This value (9768) I got after downloading ~3.5 Meg.

No dynamic routing, only one channel to the world:

-|internet|-(cp1 router fxp0)- \-

All computers above have real IP addresses.

What am I doing wrong?? I tried to search for any PR, but didn't find one :(

P.S. Sorry for terrible English.

----------
Best regards,
dawnshade mailto:h-k@mail.ru

From owner-freebsd-ipfw@FreeBSD.ORG Sat Jul 31 20:20:03 2004
Date: Fri, 30 Jul 2004 22:45:01 +0200
From: Pawel Malachowski
To: freebsd-ipfw@freebsd.org
Message-ID: <20040730204501.GB18079@shellma.zin.lublin.pl>
Subject: ipfw(8) man page, space between IP address and dot.

Hello,

Are these spaces between IP address and dot (ending sentence) intentional and correct?

% zgrep -ER '[[:digit:]]+\.[[:digit:]]+\.[[:digit:]]+\.[[:digit:]]+\ +\.' /usr/share/man/cat*
/usr/share/man/cat8/ipfw.8.gz: 1.2.3.0 to 1.2.3.127 .
/usr/share/man/cat8/ipfw.8.gz: 1.2.3.128, 1.2.3.35 to 1.2.3.55, 1.2.3.89 .

In other man pages there is no such space:

% zgrep -ER '[[:digit:]]+\.[[:digit:]]+\.[[:digit:]]+\.[[:digit:]]+\.' /usr/share/man/cat*
/usr/share/man/cat1/tcpdump.1.gz: address 128.32.137.3. The total size of the response was 273 bytes,
/usr/share/man/cat4/bpf.4.gz: 128.3.112.35.
/usr/share/man/cat5/named.conf.5.gz: (`.''), such as 123, 45.67 or 89.123.45.67.
/usr/share/man/cat5/named.conf.5.gz: 127.0.0.0 with netmask 255.0.0.0. 1.2.3.0/28 is network 1.2.3.0 with
/usr/share/man/cat5/named.conf.5.gz: netmask 255.255.255.240.
/usr/share/man/cat5/named.conf.5.gz: port 1234 of an address on the machine in net 1.2 that is not 1.2.3.4.
/usr/share/man/cat5/ipnat.5.gz: This would send alternate connections to either 203.1.2.3 or 203.1.2.4.
/usr/share/man/cat5/ipnat.5.gz: 203.1.2.4 and then 203.1.2.5 before going back to 203.1.2.3. In accom-
/usr/share/man/cat8/route.8.gz: 192.168.64/20 is interpreted as -net 192.168.64 -netmask 255.255.240.0.
/usr/share/man/cat8/natd.8.gz: machine 10.0.0.8.
/usr/share/man/cat8/natd.8.gz: would specify an alias address of 158.152.17.1. Options that
/usr/share/man/cat8/ppp.8.gz: only accept an address of 192.244.177.38.
/usr/share/man/cat8/ppp.8.gz: and won't permit the use of any IP address but 192.244.177.2. When
/usr/share/man/cat8/ppp.8.gz: uses 192.244.177.2.
/usr/share/man/cat8/ppp.8.gz: 192.244.177.255.
/usr/share/man/cat8/ppp.8.gz: 192.244.191.255.

--
Paweł Małachowski