Commit Graph

147 Commits

Author SHA1 Message Date
Ruslan Ermilov
5105f9919f - Clarify the port range syntax in -redirect_port.
PR:	docs/46286

- "IP number" -> "IP address", for consistency.
2003-08-13 15:13:33 +00:00
Ruslan Ermilov
b79840a6db Added an option to specify an alternate PID file.
PR:		bin/37159
Submitted by:	"Aleksandr A. Babaylov" <.@babolo.ru>
2003-08-13 13:16:19 +00:00
Ruslan Ermilov
3d23e8b897 If the -proxy_only option is used, the -alias_address/-interface
options are not required.

Suggested by:	Vaclav Petricek
MFC after:	2 weeks
2003-06-13 22:15:42 +00:00
Ruslan Ermilov
01ba618f4a Don't pretend natd(8) doesn't work with ppp(8) interfaces.
While there's probably a better way to achieve the same,
nothing precludes us from using natd(8) on tun(4) links.

Noticed by:	bde
2003-02-28 15:41:45 +00:00
Philippe Charnier
29e3edcc64 Use a more standard error message. Add FBSDID.
Reviewed by:	ru
2003-02-05 20:08:39 +00:00
Ruslan Ermilov
496f81e0bb Fixed Charles' e-mail here too. 2003-01-23 08:35:21 +00:00
Jens Schweikhardt
9d5abbddbf Correct typos, mostly s/ a / an / where appropriate. Some whitespace cleanup,
especially in troff files.
2003-01-01 18:49:04 +00:00
Ruslan Ermilov
e091d0c2ac can not -> cannot. 2002-08-13 14:10:36 +00:00
Ruslan Ermilov
aa7998d4a1 mdoc(7) police: canonize FreeBSD in e-mail address. 2002-08-13 12:07:40 +00:00
Philippe Charnier
e1205e80e5 The .Nm utility 2002-07-06 19:34:18 +00:00
Archie Cobbs
0099af422c Update my email address. 2002-07-03 20:50:32 +00:00
Ruslan Ermilov
99150dfb78 I don't know what the MAINTAINER means in src/ part of FreeBSD.
I'll still be overseeing the changes that go into natd(8) and
will maintain it the way I see it, non-preventing for the rest
of developers.

I will re-ask for the MAINTAINER bit if the ${MAINTAINER} gets
defined.
2002-04-12 19:11:09 +00:00
Ruslan Ermilov
3daff2423f Back out part of the revision 1.2 changes -- sendto(2) can
not return ENOBUFS for unreliable protocols like divert.

This should fix an issue when natd(8) keeps spamming already
full dummynet(4) queues with the same packet forever.

Spotted by:	chkno@dork.com
Explained by:	luigi
Reviewed by:	Ari Suutari <ari.suutari@syncrontech.com>
MFC after:	2 weeks
2002-01-15 17:07:56 +00:00
Ruslan Ermilov
e21a315ec5 s/sysctl -w/sysctl/ 2001-12-11 08:29:10 +00:00
David E. O'Brien
2d68bf45bf Default to WARNS=2.
Binary builds that cannot handle this must explicitly set WARNS=0.

Reviewed by:	mike
2001-12-04 02:19:58 +00:00
Ruslan Ermilov
c0956cf876 Make -log_ipfw_denied active by default with -verbose.
Discussed with:	phk
2001-11-27 11:06:02 +00:00
Ruslan Ermilov
3843533e18 Fixed (local) style bugs in previous revision. 2001-11-27 11:00:16 +00:00
Poul-Henning Kamp
84ef95bd6e Do not uselessly whine in syslog about packets denied by ipfw rules.
Set 'log_ipfw_denied' option if you want the old behaviour.

PR:	30255
Submitted by:	Flemming "F3" Jacobsen <fj@batmule.dk>
Reviewed by:	phk
MFC after:	4 weeks
2001-10-31 16:08:49 +00:00
Ruslan Ermilov
c4d9468ea0 mdoc(7) police:
Avoid using parenthesis enclosure macros (.Pq and .Po/.Pc) with plain text.
Not only this slows down the mdoc(7) processing significantly, but it also
has an undesired (in this case) effect of disabling hyphenation within the
entire enclosed block.
2001-08-07 15:48:51 +00:00
Ruslan Ermilov
9fe48c6e8d mdoc(7) police: removed HISTORY info from the .Os call. 2001-07-10 11:04:34 +00:00
Josef Karthauser
d782daf041 Revert the previous commit on objection from the maintainer. I
missed that natd has a -v option that will give similar functionality.

Requested by:	ru
2001-06-21 12:32:36 +00:00
Josef Karthauser
dc2ea2d874 When reporting that a packet can't be written back, usually because
of a restrictive firewall rule, also report detail on the packet
that caused the failure.

MFC after:	3 days
2001-06-21 10:28:40 +00:00
Ruslan Ermilov
eb0838029f mdoc(7) police: normalize .Nd. 2001-04-18 15:54:10 +00:00
Ruslan Ermilov
0a5779d45b - Backout botched attempt to introduce MANSECT feature.
- MAN[1-9] -> MAN.
2001-03-26 14:33:27 +00:00
Ruslan Ermilov
fe655281c5 Set the default manual section for sbin/ to 8. 2001-03-20 18:13:31 +00:00
Ruslan Ermilov
d0353b836e mdoc(7) police: split punctuation characters + misc fixes. 2001-02-01 16:38:02 +00:00
Ruslan Ermilov
7c7fb079b9 mdoc(7) police: use the new features of the Nm macro. 2000-11-20 16:52:27 +00:00
Ruslan Ermilov
d2a46bc99d Describe -deny_incoming better, highlight some keywords,
add myself to the AUTHORS section.
2000-11-16 12:20:54 +00:00
Ben Smithurst
32e5e4cfc3 more removal of trailing periods from SEE ALSO. 2000-11-15 16:44:24 +00:00
Ruslan Ermilov
ecd1fe62de Suggest looking at rc.conf(5) on how to start natd(8) during boot.
Submitted by:	dcs
2000-07-17 10:06:54 +00:00
Kris Kennaway
04d06bb686 Don't call warn() with no format string. 2000-07-10 08:14:18 +00:00
Ruslan Ermilov
f685a909b5 "Ease understanding" of how -punch_fw works.
Reviewed by:	sheldonh
2000-06-29 09:52:14 +00:00
Ruslan Ermilov
bc4ebb98dc Added new option (-punch_fw) which allows to `punch holes'
in the ipfirewall(4) for incoming FTP/IRC DCC connections.

Submitted by:	Rene de Vries <rene@canyon.demon.nl>
Rewritten by:	ru
2000-06-27 15:26:24 +00:00
Ruslan Ermilov
5a424c8cc0 - mdoc(7) style cleanup
- new version of security note from alex.
2000-06-27 11:39:36 +00:00
Alexander Langer
7731ee5af9 Back out both previous commits.
The first one got screwed up by me because of rev 1.33, which was
incorrectly merged into my patches by myself, and so Ruslan (maintainer)
asked me to back them out.

Ruslan was ok with the second one, but since it needs rework, it'll be
readded later, when it doesn't conflict with the backout of the first one.

Pointy hat:		alex
Beer on next meeting:	ru
2000-06-26 17:18:34 +00:00
Alexander Langer
54c593c69c Add note about security concerns w/o a firewall but other machines
on your LAN to the "RUNNING NATD" introduction.

In a different way requested by:
PR:		18802
Submitted by:	Zachary K Drew <drew0054@tc.umn.edu>
2000-06-26 14:52:39 +00:00
Alexander Langer
27d19e4e41 mdoc style cleanup.
Reviewed by:	sheldonh
2000-06-26 14:44:31 +00:00
Ruslan Ermilov
dc1a022582 Remove ``pptpalias'' since this is now done transparently by libalias(3). 2000-06-20 12:52:27 +00:00
Ruslan Ermilov
b0f55af68f Remove unused parameter. 2000-06-16 09:41:57 +00:00
Sheldon Hearn
3de0a719e7 Fix a small grammar nit, with the maintainer's implicit approval. 2000-05-22 08:41:57 +00:00
Ruslan Ermilov
11c2b3bf00 Add new option (-target_addr) to control how to deal with incoming packets
not associated with any pre-existing link.

Submitted by:	brian
2000-05-18 10:31:10 +00:00
Ruslan Ermilov
4330006d9e New option: -redirect_proto. 2000-05-03 15:06:45 +00:00
Josef Karthauser
30395bb5f1 Fixes a potential buffer overflow with the command line arguments.
Submitted by:   Mike Heffner <spock@techfour.net>
Submitted on:   audit@freebsd.org
2000-04-30 20:53:54 +00:00
Ruslan Ermilov
bd69051080 Load Sharing using IP Network Address Translation (RFC 2391, LSNAT). 2000-04-27 17:55:17 +00:00
Brian Somers
7ffac027b3 Correct Charles Mott's email address
Requested by: cmott@scientech.com
2000-04-02 20:23:34 +00:00
Sheldon Hearn
ef8f7ac935 Remove single-space hard sentence breaks. These degrade the quality
of the typeset output, tend to make diffs harder to read and provide
bad examples for new-comers to mdoc.
2000-03-01 11:27:47 +00:00
Brian Somers
a786a19657 Suggest ppp -nat, not ppp -alias 2000-02-26 13:13:16 +00:00
Ruslan Ermilov
d99cc1da8a Remove the config file line length restriction.
PR:		16900
Reviewed by:	"Crist J. Clark" <cjclark@home.com>, jkh
Approved by:	jkh
2000-02-25 11:34:38 +00:00
Ruslan Ermilov
6f3dbe5e1a Now that kernel is capable of notifying user processes about
the interface MTU change (src/sys/net/if_sl.c,v 1.83), track
interface MTU with -dynamic option as well.

PR:		15494
2000-01-25 12:24:06 +00:00
Mike Pritchard
2522bece25 Minor grammar fix. 1999-10-30 19:33:41 +00:00
Ruslan Ermilov
4c04fa4c1a ioctl -> sysctl for interface address changes.
PR:		14169
Reviewed by:	Ari Suutari <ari@suutari.iki.fi>
1999-10-13 09:00:16 +00:00
Ruslan Ermilov
04bf7dcfeb Fixed the description of how packets re-enter IP firewall filter.
Suggested by:	Ari Suutari <ari@suutari.iki.fi>
1999-10-06 09:26:39 +00:00
Ruslan Ermilov
f2da55a243 Do not defer setting of the aliasing address from
interface name if not operating in dynamic mode.

Reviewed by:	Ari Suutari <ari@suutari.iki.fi>
1999-09-28 08:01:46 +00:00
Ruslan Ermilov
578d29dd12 `permanent_link' is obsolete; update examples. 1999-09-13 18:18:33 +00:00
Ruslan Ermilov
73d10c7f63 Add Ari Suutari as a maintainer.
Approved by:	Ari Suutari <ari@suutari.iki.fi>
1999-09-13 18:16:38 +00:00
Ruslan Ermilov
2e7e7c71ef Config file parser changes:
- Trailing spaces and empty lines are ignored.
- A `#' sign will mark the remaining of the line as a comment.

Reviewed by:	Ari Suutari <ari@suutari.iki.fi>
1999-09-07 15:34:12 +00:00
Ruslan Ermilov
cd45c931f6 Allow signals to interrupt system calls.
Remove redundant signal() call.

PR:		6676
Submitted by:	luoqi
Reviewed by:	Ari Suutari <ari@suutari.iki.fi>
1999-09-02 15:17:25 +00:00
Peter Wemm
7f3dea244c $Id$ -> $FreeBSD$ 1999-08-28 00:22:10 +00:00
Chris Costello
a7d1f49705 Bad cross-reference of getservbyname(2) changed to getservbyname(3)
Reviewed by:	ru
1999-08-18 01:20:07 +00:00
Ruslan Ermilov
9ccbcc3ef1 Become a maintainer.
Approved by:	brian
1999-07-28 08:50:42 +00:00
Ruslan Ermilov
7591275ecb Back out previous commit. 1999-07-28 08:38:26 +00:00
Brian Somers
6664883843 Mention that data going from one internal address to another will
not be processed by natd.
Requested by: Ludwig Pummer <ludwigp@bigfoot.com>
1999-06-21 07:58:25 +00:00
Archie Cobbs
eed2b804bf When incrementing through a SIOCGIFCONF list, enforce a lower limit of
sizeof(ifr->ifr_addr) for the variable length field ifr->ifr_addr.sa_len.
Otherwise the increment will be wrong in certain cases.

Obtained from:  Whistle source tree
For the record: Garrett Wollman <wollman@khavrinen.lcs.mit.edu> suggests
                SIOCGIFCONF should be dropped in favor of a sysctl mechanism.
1999-06-05 05:55:07 +00:00
Brian Somers
29d97436c5 Oops - missing parenthesis 1999-05-13 17:09:44 +00:00
Brian Somers
9c501140f7 /sbin/natd portrange documentation and bugfix
Submitted by:	Ruslan Ermilov <ru@ucb.crimea.ua>
PR:		11690

3.2 candidate ?
1999-05-13 16:58:31 +00:00
Warner Losh
ebe70c8f68 More egcs warning fixes:
o main returns int not void
o use braces to avoid potentially ambiguous else

Note: The fix to natd is potentially functional in nature since I used
the indentation as the right thing rather than the struct semantics.
Someone more familiar with the code should double check me on this one.

Reviewed by: obrien and chuckr
1999-04-25 22:33:30 +00:00
SADA Kenji
8ee64ab680 Typo of `same_ports' directive.
Submitted by:	Masaki Nohtomi <noutomi@jbm-net.or.jp>
1999-04-24 01:42:44 +00:00
Eivind Eklund
26b4eff640 Add a comment that natd is made for use with NICs, not PPP links - I'm
tired of the five people each day that ask me how to set up natd for
use with PPP.
1999-04-08 23:15:31 +00:00
Brian Somers
f3d640240b Disable reads on our ICMP socket. We only use it for sending.
PR:	9253
1999-03-30 10:11:21 +00:00
Brian Somers
7bafbf7bf4 Add `const's that I forgot to commit. Not bad - I broke
the -stable and -current builds in the space of 1 day !

Pointed out by: jdp
1999-03-26 07:13:12 +00:00
Brian Somers
902cb50a76 Add some const-cleanliness and avoid some warnings. 1999-03-24 20:30:48 +00:00
Brian Somers
5d8ee958b3 Allow port ranges when specifying -redirect_port.
Submitted by:	Wes Santee <wes@bogon.net>
PR:		9696
1999-03-24 20:30:20 +00:00
Brian Somers
b71e869d29 Fix a diagnostic typo
Submitted by:  Martin Machacek <mm@i.cz>
1999-03-11 09:24:52 +00:00
Brian Somers
59a7c61374 Upgrade (almost) to natd 2.0b1
- Transparent proxy support.
- PERMANENT_LINK IS NOW OBSOLETE, use redirect_port instead.
- Drop support for early FreeBSD 2.2 versions
- If separate input & output sockets are being used
  use them to find out packet direction instead of
  normal mechanism. This can be handy in complex environments
  with multiple interfaces.
- PPTP redirect support by Dru Nelson <dnelson@redwoodsoft.com> added.
- Logging enhancements from Martin Machacek <mm@i.cz> added.

Obtained from: Ari Suutari <ari@suutari.iki.fi>
1999-03-07 18:23:56 +00:00
Jordan K. Hubbard
f627793d19 Make this work with the new alias library since, evidently, we're
not providing the backwards-compatibility routines in libalias anymore
(which I think may have been a mistake).
1999-02-27 22:37:38 +00:00
Joseph Koshy
06d073b9a9 Fix inconsistent port numbering in man page.
PR: 7250
Submitted-by: Norihiro Kumagai <kuma@jp.freebsd.org>
1998-07-15 03:32:45 +00:00
Joseph Koshy
cdcd36c48e Add $Id$.
PR: 7249
1998-07-14 08:18:51 +00:00
Brian Somers
357f172839 Make things clearer.
Submitted (some time ago) by: Ted Mittelstaedt <tedm@portsoft.com>
1998-07-04 12:07:03 +00:00
Brian Somers
622366b81d Suggest port 8668 rather than 6668 for natd.
6668 is IRC.
1998-07-04 01:53:54 +00:00
Brian Somers
635225ca84 Fix incorrect flag spec
PR:		6339 (part of)
Submitted by:	Chris Dillon <cdillon@wolves.k12.mo.us>
1998-04-18 10:05:38 +00:00
Philippe Charnier
f12a14713b .Sh AUTHOR -> .Sh AUTHORS. Use .An/.Aq. 1998-03-23 08:31:20 +00:00
Brian Somers
f7d1db72cf Make it clear that aliasing is done on the public interface, not
the private one.
1998-01-29 00:40:41 +00:00
Alexander Langer
a228025e10 Added copyright (taken from natd.c).
Approved by:	Ari Suutari <ari@suutari.iki.fi>
1997-12-30 00:38:56 +00:00
Alexander Langer
f13f9fada7 Typo/$Id$ police. 1997-12-27 19:31:11 +00:00
Brian Somers
67a886fb97 natd 1_10 => 1_11
Cosmetic style changes
  Use u_short for port values.
Submitted by:	Ari Suutari <ari@suutari.iki.fi>
1997-12-10 02:14:57 +00:00
Brian Somers
27c20503c6 Reverse my previous change and use htons() on an int
instead of htonl() !

This results in the int a,b,c,d changing to b,a,c,d,
but as it's subsequently coerced to a u_short, the
ultimate answer is correct.

If this isn't fixed properly soon (by the author) I'll
have a look at it again.

Noted by:	eivind & ari@suutari.iki.fi
1997-12-06 12:00:32 +00:00
Brian Somers
5ae6fac1d7 Use htonl() rather than htons(). 1997-11-13 11:43:02 +00:00
Brian Somers
10cffc50d2 Add -redirect_port and -redirect_address to the
synopsis.
1997-10-18 16:31:28 +00:00
Philippe Charnier
0fc81af12d Use err(3). Change firewall to firewall_enable in man page according to
/etc/rc.conf.
1997-10-02 11:43:33 +00:00
Wolfram Schneider
bf5cbf3551 Sort cross references in section SEE ALSO. 1997-09-29 19:11:55 +00:00
Philippe Charnier
be9950897a Typo. 1997-09-18 06:54:03 +00:00
Brian Somers
f9b06d5cbe Ignored incoming packets are now dropped when
deny_incoming option is set to yes.
Submitted by:	Ari Suutari <ari@suutari.iki.fi>
1997-09-06 11:14:03 +00:00
Eivind Eklund
d6b01f404d Fix my e-mail address. Old work address is no good. 1997-08-31 16:38:33 +00:00
Brian Somers
fb994b078f - Buffer space problem found by Sergio Lenzi <lenzi@bsi.com.br>
  fixed. Natd now waits with select(2) for buffer space
  to become available if write fails.
- Packet aliasing library upgraded to 2.2.

Submitted by:	Ari Suutari <suutari@iki.fi>
1997-08-10 21:55:52 +00:00
Brian Somers
46b2c55966 Suggest using /etc/services entry rather than a
number in the "ipfw add divert" example.
1997-06-24 10:49:44 +00:00
Jordan K. Hubbard
c1b792b226 sysconfig -> rc.conf 1997-06-22 14:40:27 +00:00
Brian Somers
24084f9bfc Bring natd into main source tree now that the
pppd/natd combination works ok.

Submitted by:	Ari Suutari <ari.suutari@ps.carel.fi>
1997-06-22 04:19:08 +00:00