d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
107,380 Commits 72 Branches 135 Tags 3.2 GiB
bc4e3bb561
Commit Graph

102 Commits

Author SHA1 Message Date
phk
b2369d6e67 Give natd multi-instance capabilities. 
This makes it possible to do load-sharing on two xDSL lines etc.
 2004-07-04 12:53:54 +00:00
hmp
41dbd3c06e Use strlcpy(3) instead of strcpy(3). 
PR:          	46761

Philipp Mergenthaler <philipp.mergenthaler@stud.uni-karlsruhe.de>
 2004-05-10 22:33:12 +00:00
luigi
666306ed63 Replace ROUNDUP/ADVANCE with SA_SIZE 2004-04-13 11:24:43 +00:00
johan
1a1602ce7d style.Makefile(5): 
Use WARNS?= instead of WARNS=.
 2004-02-23 20:25:27 +00:00
marcus
429e15dea7 Add Cisco Skinny Station protocol support to libalias, natd, and ppp. 
Skinny is the protocol used by Cisco IP phones to talk to Cisco Call
Managers.  With this code, one can use a Cisco IP phone behind a FreeBSD
NAT gateway.

Currently, having the Call Manager behind the NAT gateway is not supported.
More information on enabling Skinny support in libalias, natd, and ppp
can be found in those applications' manpages.

PR:		55843
Reviewed by:	ru
Approved by:	ru
MFC after:	30 days
 2003-09-23 07:41:55 +00:00
ru
a25f0a15bd - Clarify the port range syntax in -redirect_port. 
PR:	docs/46286

- "IP number" -> "IP address", for consistency.
 2003-08-13 15:13:33 +00:00
ru
2ef02cd9c8 Added an option to specify an alternate PID file. 
PR:		bin/37159
Submitted by:	"Aleksandr A. Babaylov" <.@babolo.ru>
 2003-08-13 13:16:19 +00:00
ru
b5d0ba09ab If the -proxy_only option is used, the -alias_address/-interface 
options are not required.

Suggested by:	Vaclav Petricek
MFC after:	2 weeks
 2003-06-13 22:15:42 +00:00
ru
dc72b74185 Don't pretend natd(8) doesn't work with ppp(8) interfaces. 
While there's probably a better way to achieve the same,
nothing precludes us from using natd(8) on tun(4) links.

Noticed by:	bde
 2003-02-28 15:41:45 +00:00
charnier
a6e1001a61 Use a more standard error message. Add FBSDID. 
Reviewed by:	ru
 2003-02-05 20:08:39 +00:00
ru
b1d124786a Fixed Charles' e-mail here too. 2003-01-23 08:35:21 +00:00
schweikh
c353aec149 Correct typos, mostly s/ a / an / where appropriate. Some whitespace cleanup, 
especially in troff files.
 2003-01-01 18:49:04 +00:00
ru
8f6c4c0f03 can not -> cannot. 2002-08-13 14:10:36 +00:00
ru
2b3fc3cfff mdoc(7) police: canonize FreeBSD in e-mail address. 2002-08-13 12:07:40 +00:00
charnier
548d38d27c The .Nm utility 2002-07-06 19:34:18 +00:00
archie
6a67da7f9a Update my email address. 2002-07-03 20:50:32 +00:00
ru
b46cf1e859 I don't know what the MAINTAINER means in src/ part of FreeBSD. 
I'll still be overseeing the changes that go into natd(8) and
will maintain it the way I see it, non-preventing for the rest
of developers.

I will re-ask for the MAINTAINER bit if the ${MAINTAINER} gets
defined.
 2002-04-12 19:11:09 +00:00
ru
355d5a7bfe Back out part of the revision 1.2 changes -- sendto(2) can 
not return ENOBUFS for unreliable protocols like divert.

This should fix an issue when natd(8) keeps spamming already
full dummynet(4) queues with the same packet forever.

Spotted by:	chkno@dork.com
Explained by:	luigi
Reviewed by:	Ari Suutari <ari.suutari@syncrontech.com>
MFC after:	2 weeks
 2002-01-15 17:07:56 +00:00
ru
185a7f456d s/sysctl -w/sysctl/ 2001-12-11 08:29:10 +00:00
obrien
a537f22ad4 Default to WARNS=2. 
Binary builds that cannot handle this must explicitly set WARNS=0.

Reviewed by:	mike
 2001-12-04 02:19:58 +00:00
ru
f630347cc2 Make -log_ipfw_denied active by default with -verbose. 
Discussed with:	phk
 2001-11-27 11:06:02 +00:00
ru
ce511dbe39 Fixed (local) style bugs in previous revision. 2001-11-27 11:00:16 +00:00
phk
69ad4610c4 Do not uselessly whine in syslog about packets denied by ipfw rules. 
Set 'log_ipfw_denied' option if you want the old behaviour.

PR:	30255
Submitted by:	Flemming "F3" Jacobsen <fj@batmule.dk>
Reviewed by:	phk
MFC after:	4 weeks
 2001-10-31 16:08:49 +00:00
ru
09d142dfd5 mdoc(7) police: 
Avoid using parenthesis enclosure macros (.Pq and .Po/.Pc) with plain text.
Not only this slows down the mdoc(7) processing significantly, but it also
has an undesired (in this case) effect of disabling hyphenation within the
entire enclosed block.
 2001-08-07 15:48:51 +00:00
ru
cb3283b5da mdoc(7) police: removed HISTORY info from the .Os call. 2001-07-10 11:04:34 +00:00
joe
ce9a6c8de1 Revert the previous commit on objection from the maintainer. I 
missed that natd has a -v option that will give similar functionality.

Requested by:	ru
 2001-06-21 12:32:36 +00:00
joe
dcbb32a317 When reporting that a packet can't be written back, usually because 
of a restrictive firewall rule, also report detail on the packet
that caused the failure.

MFC after:	3 days
 2001-06-21 10:28:40 +00:00
ru
1db489053b mdoc(7) police: normalize .Nd. 2001-04-18 15:54:10 +00:00
ru
e7c03cd6b0 - Backout botched attempt to introduce MANSECT feature. 
- MAN[1-9] -> MAN.
 2001-03-26 14:33:27 +00:00
ru
e2a472a47a Set the default manual section for sbin/ to 8. 2001-03-20 18:13:31 +00:00
ru
b1c3961564 mdoc(7) police: split punctuation characters + misc fixes. 2001-02-01 16:38:02 +00:00
ru
d16dd614f6 mdoc(7) police: use the new features of the Nm macro. 2000-11-20 16:52:27 +00:00
ru
b9140212f2 Describe -deny_incoming better, highlight some keywords, 
add myself to the AUTHORS section.
 2000-11-16 12:20:54 +00:00
ben
6f0ff396c7 more removal of trailing periods from SEE ALSO. 2000-11-15 16:44:24 +00:00
ru
ebb3d17f41 Suggest looking at rc.conf(5) on how to start natd(8) during boot. 
Submitted by:	dcs
 2000-07-17 10:06:54 +00:00
kris
df586766ed Don't call warn() with no format string. 2000-07-10 08:14:18 +00:00
ru
9a969be497 "Ease understanding" of how -punch_fw works. 
Reviewed by:	sheldonh
 2000-06-29 09:52:14 +00:00
ru
e64c6de102 Added new option (-punch_fw) which allows to `punch holes' 
in the ipfirewall(4) for incoming FTP/IRC DCC connections.

Submitted by:	Rene de Vries <rene@canyon.demon.nl>
Rewritten by:	ru
 2000-06-27 15:26:24 +00:00
ru
4c99e0d01f - mdoc(7) style cleanup 
- new version of security note from alex.
 2000-06-27 11:39:36 +00:00
alex
0d49483c6e Back out both previous commits. 
The first one got screwed up by me because of rev 1.33, which was
incorrectly merged into my patches by myself, and so Ruslan (maintainer)
asked me to back them out.

Ruslan was ok with the second one, but since it needs rework, it'll be
readded later, when it doesn't conflict with the backout of the first one.

Pointy hat:		alex
Beer on next meeting:	ru
 2000-06-26 17:18:34 +00:00
alex
0a892f4a8a Add note about security concerns w/o a firewall but other machines 
on your LAN to the "RUNNING NATD" introduction.

In a different way requested by:
PR:		18802
Submitted by:	Zachary K Drew <drew0054@tc.umn.edu>
 2000-06-26 14:52:39 +00:00
alex
c57ce365c0 mdoc style cleanup. 
Reviewed by:	sheldonh
 2000-06-26 14:44:31 +00:00
ru
88883ae776 Remove ``pptpalias'' since this is now done transparently by libalias(3). 2000-06-20 12:52:27 +00:00
ru
0abf72a516 Remove unused parameter. 2000-06-16 09:41:57 +00:00
sheldonh
81dd124aeb Fix a small grammar nit, with the maintainer's implicit approval. 2000-05-22 08:41:57 +00:00
ru
e18cc21c76 Add new option (-target_addr) to control how to deal with incoming packets 
not associated with any pre-existing link.

Submitted by:	brian
 2000-05-18 10:31:10 +00:00
ru
20c0349981 New option: -redirect_proto. 2000-05-03 15:06:45 +00:00
joe
bac5045cd6 Fixes a potential buffer overflow with the command line arguments. 
Submitted by:   Mike Heffner <spock@techfour.net>
Submitted on:   audit@freebsd.org
 2000-04-30 20:53:54 +00:00
ru
35ea13cc5f Load Sharing using IP Network Address Translation (RFC 2391, LSNAT). 2000-04-27 17:55:17 +00:00
brian
2577c085b5 Correct Charles Mott's email address 
Requested by: cmott@scientech.com
 2000-04-02 20:23:34 +00:00