d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
221,089 Commits 4 Branches 49 Tags 2 GiB
56be1d347c
Commit Graph

143 Commits

Author SHA1 Message Date
charnier
c142aa48bd Use a more standard error message. Add FBSDID. 
Reviewed by:	ru
 2003-02-05 20:08:39 +00:00
ru
b0520b835c Fixed Charles' e-mail here too. 2003-01-23 08:35:21 +00:00
schweikh
d3367c5f5d Correct typos, mostly s/ a / an / where appropriate. Some whitespace cleanup, 
especially in troff files.
 2003-01-01 18:49:04 +00:00
ru
dfc3706596 can not -> cannot. 2002-08-13 14:10:36 +00:00
ru
07e77e0463 mdoc(7) police: canonize FreeBSD in e-mail address. 2002-08-13 12:07:40 +00:00
charnier
a2accd01f0 The .Nm utility 2002-07-06 19:34:18 +00:00
archie
b4544af31a Update my email address. 2002-07-03 20:50:32 +00:00
ru
27cb1b2c9f I don't know what the MAINTAINER means in src/ part of FreeBSD. 
I'll still be overseeing the changes that go into natd(8) and
will maintain it the way I see it, non-preventing for the rest
of developers.

I will re-ask for the MAINTAINER bit if the ${MAINTAINER} gets
defined.
 2002-04-12 19:11:09 +00:00
ru
40e62ac22c Back out part of the revision 1.2 changes -- sendto(2) can 
not return ENOBUFS for unreliable protocols like divert.

This should fix an issue when natd(8) keeps spamming already
full dummynet(4) queues with the same packet forever.

Spotted by:	chkno@dork.com
Explained by:	luigi
Reviewed by:	Ari Suutari <ari.suutari@syncrontech.com>
MFC after:	2 weeks
 2002-01-15 17:07:56 +00:00
ru
7f320fa871 s/sysctl -w/sysctl/ 2001-12-11 08:29:10 +00:00
obrien
9baf2f1b03 Default to WARNS=2. 
Binary builds that cannot handle this must explicitly set WARNS=0.

Reviewed by:	mike
 2001-12-04 02:19:58 +00:00
ru
e129a9f15e Make -log_ipfw_denied active by default with -verbose. 
Discussed with:	phk
 2001-11-27 11:06:02 +00:00
ru
3c293c52fd Fixed (local) style bugs in previous revision. 2001-11-27 11:00:16 +00:00
phk
10fe9ee3d2 Do not uselessly whine in syslog about packets denied by ipfw rules. 
Set 'log_ipfw_denied' option if you want the old behaviour.

PR:	30255
Submitted by:	Flemming "F3" Jacobsen <fj@batmule.dk>
Reviewed by:	phk
MFC after:	4 weeks
 2001-10-31 16:08:49 +00:00
ru
4345758876 mdoc(7) police: 
Avoid using parenthesis enclosure macros (.Pq and .Po/.Pc) with plain text.
Not only this slows down the mdoc(7) processing significantly, but it also
has an undesired (in this case) effect of disabling hyphenation within the
entire enclosed block.
 2001-08-07 15:48:51 +00:00
ru
7cef49ff86 mdoc(7) police: removed HISTORY info from the .Os call. 2001-07-10 11:04:34 +00:00
joe
1f2cf25ced Revert the previous commit on objection from the maintainer. I 
missed that natd has a -v option that will give similar functionality.

Requested by:	ru
 2001-06-21 12:32:36 +00:00
joe
687340bf5d When reporting that a packet can't be written back, usually because 
of a restrictive firewall rule, also report detail on the packet
that caused the failure.

MFC after:	3 days
 2001-06-21 10:28:40 +00:00
ru
2d1b95a96f mdoc(7) police: normalize .Nd. 2001-04-18 15:54:10 +00:00
ru
86642a4ab4 - Backout botched attempt to introduce MANSECT feature. 
- MAN[1-9] -> MAN.
 2001-03-26 14:33:27 +00:00
ru
56b5d7535b Set the default manual section for sbin/ to 8. 2001-03-20 18:13:31 +00:00
ru
8a6f8b5fe4 mdoc(7) police: split punctuation characters + misc fixes. 2001-02-01 16:38:02 +00:00
ru
ea31070695 mdoc(7) police: use the new features of the Nm macro. 2000-11-20 16:52:27 +00:00
ru
9c5e4a8b3f Describe -deny_incoming better, highlight some keywords, 
add myself to the AUTHORS section.
 2000-11-16 12:20:54 +00:00
ben
bd94b89a9a more removal of trailing periods from SEE ALSO. 2000-11-15 16:44:24 +00:00
ru
edc0cc6c36 Suggest looking at rc.conf(5) on how to start natd(8) during boot. 
Submitted by:	dcs
 2000-07-17 10:06:54 +00:00
kris
007293175c Don't call warn() with no format string. 2000-07-10 08:14:18 +00:00
ru
38b5153ff9 "Ease understanding" of how -punch_fw works. 
Reviewed by:	sheldonh
 2000-06-29 09:52:14 +00:00
ru
15462ff9cb Added new option (-punch_fw) which allows to `punch holes' 
in the ipfirewall(4) for incoming FTP/IRC DCC connections.

Submitted by:	Rene de Vries <rene@canyon.demon.nl>
Rewritten by:	ru
 2000-06-27 15:26:24 +00:00
ru
2bcb688f1c - mdoc(7) style cleanup 
- new version of security note from alex.
 2000-06-27 11:39:36 +00:00
alex
779ca545b4 Back out both previous commits. 
The first one got screwed up by me because of rev 1.33, which was
incorrectly merged into my patches by myself, and so Ruslan (maintainer)
asked me to back them out.

Ruslan was ok with the second one, but since it needs rework, it'll be
readded later, when it doesn't conflict with the backout of the first one.

Pointy hat:		alex
Beer on next meeting:	ru
 2000-06-26 17:18:34 +00:00
alex
3ff7ddfcc8 Add note about security concerns w/o a firewall but other machines 
on your LAN to the "RUNNING NATD" introduction.

In a different way requested by:
PR:		18802
Submitted by:	Zachary K Drew <drew0054@tc.umn.edu>
 2000-06-26 14:52:39 +00:00
alex
9c7df143c8 mdoc style cleanup. 
Reviewed by:	sheldonh
 2000-06-26 14:44:31 +00:00
ru
8f3a6df6e3 Remove ``pptpalias'' since this is now done transparently by libalias(3). 2000-06-20 12:52:27 +00:00
ru
646e21aa2b Remove unused parameter. 2000-06-16 09:41:57 +00:00
sheldonh
6d881bfeba Fix a small grammar nit, with the maintainer's implicit approval. 2000-05-22 08:41:57 +00:00
ru
9033edf3a8 Add new option (-target_addr) to control how to deal with incoming packets 
not associated with any pre-existing link.

Submitted by:	brian
 2000-05-18 10:31:10 +00:00
ru
1e594f519a New option: -redirect_proto. 2000-05-03 15:06:45 +00:00
joe
98328065bf Fixes a potential buffer overflow with the command line arguments. 
Submitted by:   Mike Heffner <spock@techfour.net>
Submitted on:   audit@freebsd.org
 2000-04-30 20:53:54 +00:00
ru
b3e08f68b8 Load Sharing using IP Network Address Translation (RFC 2391, LSNAT). 2000-04-27 17:55:17 +00:00
brian
b4b080a3ff Correct Charles Mott's email address 
Requested by: cmott@scientech.com
 2000-04-02 20:23:34 +00:00
sheldonh
ff1f324516 Remove single-space hard sentence breaks. These degrade the quality 
of the typeset output, tend to make diffs harder to read and provide
bad examples for new-comers to mdoc.
 2000-03-01 11:27:47 +00:00
brian
be10bd6804 Suggest ppp -nat, not ppp -alias 2000-02-26 13:13:16 +00:00
ru
45c27cda58 Remove the config file line length restriction. 
PR:		16900
Reviewed by:	"Crist J. Clark" <cjclark@home.com>, jkh
Approved by:	jkh
 2000-02-25 11:34:38 +00:00
ru
b1253d64a8 Now that kernel is capable of notifying user processes about 
the interface MTU change (src/sys/net/if_sl.c,v 1.83), track
interface MTU with -dynamic option as well.

PR:		15494
 2000-01-25 12:24:06 +00:00
mpp
741c8d6784 Minor grammar fix. 1999-10-30 19:33:41 +00:00
ru
173a5920a1 ioctl -> sysctl for interface address changes. 
PR:		14169
Reviewed by:	Ari Suutari <ari@suutari.iki.fi>
 1999-10-13 09:00:16 +00:00
ru
3fe86c67fe Fixed the description of how packets re-enter IP firewall filter. 
Suggested by:	Ari Suutari <ari@suutari.iki.fi>
 1999-10-06 09:26:39 +00:00
ru
b4f3a6f51b Do not defer setting of the aliasing address from 
interface name if not operating in dynamic mode.

Reviewed by:	Ari Suutari <ari@suutari.iki.fi>
 1999-09-28 08:01:46 +00:00
ru
7b87c1c49f `permanent_link' is obsolete; update examples. 1999-09-13 18:18:33 +00:00
ru
c7cbaf245c Add Ari Suutari as a maintainer. 
Approved by:	Ari Suutari <ari@suutari.iki.fi>
 1999-09-13 18:16:38 +00:00
ru
7357a87ddf Config file parser changes: 
- Trailing spaces and empty lines are ignored.
- A `#' sign will mark the remaining of the line as a comment.

Reviewed by:	Ari Suutari <ari@suutari.iki.fi>
 1999-09-07 15:34:12 +00:00
ru
5acd2873b4 Allow signals to interrupt system calls. 
Remove redundant signal() call.

PR:		6676
Submitted by:	luoqi
Reviewed by:	Ari Suutari <ari@suutari.iki.fi>
 1999-09-02 15:17:25 +00:00
peter
76f0c923fe $Id$ -> $FreeBSD$ 1999-08-28 00:22:10 +00:00
chris
ab6c4be83c Bad cross-reference of getservbyname(2) changed to getservbyname(3) 
Reviewed by:	ru
 1999-08-18 01:20:07 +00:00
ru
d9756ac21a Become a maintainer. 
Approved by:	brian
 1999-07-28 08:50:42 +00:00
ru
d4af6c2191 Back out previous commit. 1999-07-28 08:38:26 +00:00
brian
2cacc38393 Mention that data going from one internal address to another will 
not be processed by natd.
Requested by: Ludwig Pummer <ludwigp@bigfoot.com>
 1999-06-21 07:58:25 +00:00
archie
9cf3e81787 When incrementing through a SIOCGIFCONF list, enforce a lower limit of 
sizeof(ifr->ifr_addr) for the variable length field ifr->ifr_addr.sa_len.
Otherwise the increment will be wrong in certain cases.

Obtained from:  Whistle source tree
For the record: Garrett Wollman <wollman@khavrinen.lcs.mit.edu> suggests
                SIOCGIFCONF should be dropped in favor of a sysctl mechanism.
 1999-06-05 05:55:07 +00:00
brian
2ff48aab7d Oops - missing parenthesis 1999-05-13 17:09:44 +00:00
brian
ff0afb282f /sbin/natd portrange documentation and bugfix 
Submitted by:	Ruslan Ermilov <ru@ucb.crimea.ua>
PR:		11690

3.2 candidate ?
 1999-05-13 16:58:31 +00:00
imp
d12a7ef464 More egcs warning fixes: 
o main returns int not void
	o use braces to avoid potentially ambiguous else

Note: The fix to natd is potentially functional in nature since I used
the indentation as the right thing rather than the struct semantics.
Someone more familiar with the code should double check me on this one.

Reviewed by: obrien and chuckr
 1999-04-25 22:33:30 +00:00
sada
ea6910c469 Typo of `same_ports' directive. 
Submitted by:	Masaki Nohtomi <noutomi@jbm-net.or.jp>
 1999-04-24 01:42:44 +00:00
eivind
51b9d2ad97 Add a comment that natd is made for use with NICs, not PPP links - I'm 
tired of the five people each day that ask me how to set up natd for
use with PPP.
 1999-04-08 23:15:31 +00:00
brian
9895dfa31e Disable reads on our ICMP socket. We only use it for sending. 
PR:	9253
 1999-03-30 10:11:21 +00:00
brian
edc6ba8438 Add `const's that I forgot to commit. Not bad - I broke 
the -stable and -current builds in the space of 1 day !

Pointed out by: jdp
 1999-03-26 07:13:12 +00:00
brian
16fa182f0f Add some const-cleanliness and avoid some warnings. 1999-03-24 20:30:48 +00:00
brian
43e9a1b892 Allow port ranges when specifying -redirect_port. 
Submitted by:	Wes Santee <wes@bogon.net>
PR:		9696
 1999-03-24 20:30:20 +00:00
brian
ffb312a7f1 Fix a diagnostic typo 
Submitted by:  Martin Machacek <mm@i.cz>
 1999-03-11 09:24:52 +00:00
brian
cd09c9b12d Upgrade (almost) to natd 2.0b1 
- Transparent proxy support.
  - PERMANENT_LINK IS NOW OBSOLETE, use redirect_port instead.
  - Drop support for early FreeBSD 2.2 versions
  - If separate input & output sockets are being used
    use them to find out packet direction instead of
    normal mechanism. This can be handy in complex environments
    with multiple interfaces.
  - PPTP redirect support by Dru Nelson <dnelson@redwoodsoft.com> added.
  - Logging enhancements from Martin Machacek <mm@i.cz> added.

Obtained from: Ari Suutari <ari@suutari.iki.fi>
 1999-03-07 18:23:56 +00:00
jkh
1c94975d98 Make this work with the new alias library since, evidently, we're 
not providing the backwards-compatability routines in libalias anymore
(which I think may have been a mistake).
 1999-02-27 22:37:38 +00:00
jkoshy
1aec4a37c4 Fix inconsistent port numbering in man page. 
PR: 7250
Submitted-by: Norihiro Kumagai <kuma@jp.freebsd.org>
 1998-07-15 03:32:45 +00:00
jkoshy
2449535dc8 Add $Id$. 
PR: 7249
 1998-07-14 08:18:51 +00:00
brian
32fa3677a8 Make things clearer. 
Submitted (some time ago) by: Ted Mittelstaedt <tedm@portsoft.com>
 1998-07-04 12:07:03 +00:00
brian
89cb3eea24 Suggest port 8668 rather than 6668 for natd. 
6668 is IRC.
 1998-07-04 01:53:54 +00:00
brian
4b10a45736 Fix incorrect flag spec 
PR:		6339 (part of)
Submitted by:	Chris Dillon <cdillon@wolves.k12.mo.us>
 1998-04-18 10:05:38 +00:00
charnier
6e321f37d4 .Sh AUTHOR -> .Sh AUTHORS. Use .An/.Aq. 1998-03-23 08:31:20 +00:00
brian
d284899e7c Make it clear that aliasing is done on the public interface, not 
the private one.
 1998-01-29 00:40:41 +00:00
alex
3314e9bde1 Added copyright (taken from natd.c). 
Approved by:	Ari Suutari <ari@suutari.iki.fi>
 1997-12-30 00:38:56 +00:00
alex
c74dfe8f29 Typo/$Id$ police. 1997-12-27 19:31:11 +00:00
brian
57e11ec3f7 natd 1_10 => 1_11 
Cosmetic style changes
  Use u_short for port values.
Submitted by:	Ari Suutari <ari@suutari.iki.fi>
 1997-12-10 02:14:57 +00:00
brian
5bdfd46476 Reverse my previous change and use htons() on an int 
instead of htonl() !

This results in the int a,b,c,d changing to b,a,c,d,
but as it's subsequently coerced to a u_short, the
ultimate answer is correct.

If this isn't fixed properly soon (by the author) I'll
have a look at it again.

Noted by:	eivind & ari@suutari.iki.fi
 1997-12-06 12:00:32 +00:00
brian
bfb6fd490e Use htonl() rather than htons(). 1997-11-13 11:43:02 +00:00
brian
044c4aaa12 Add -redirect_port and -redirect_address to the 
synopsis.
 1997-10-18 16:31:28 +00:00
charnier
473db3cc32 Use err(3). Change firewall to firewall_enable in man page according to 
/etc/rc.conf.
 1997-10-02 11:43:33 +00:00
wosch
8ee659dd96 Sort cross refereces in section SEE ALSO. 1997-09-29 19:11:55 +00:00
charnier
335b8fc3ac Typo. 1997-09-18 06:54:03 +00:00
brian
9d4f19ab22 Ingored incoming packets are now dropped when 
deny_incoming option is set to yes.
Submitted by:	Ari Suutari <ari@suutari.iki.fi>
 1997-09-06 11:14:03 +00:00
eivind
80ebcd3b3f Fix my e-mail address. Old work addres is no good. 1997-08-31 16:38:33 +00:00
brian
69210a7693 - Buffer space problem found by Sergio Lenzi <lenzi@bsi.com.br> 
fixed. Natd now waits with select(2) for buffer space
  to become available if write fails.
- Packet aliasing library upgraded to 2.2.

Submitted by:	Ari Suutari <suutari@iki.fi>
 1997-08-10 21:55:52 +00:00
brian
dc42cd84a9 Suggest using /etc/services entry rather than a 
number in the "ipfw add divert" example.
 1997-06-24 10:49:44 +00:00
jkh
f4c30626de sysconfig -> rc.conf 1997-06-22 14:40:27 +00:00
brian
59a701d2eb Bring natd into main source tree now that the 
pppd/natd combination works ok.

Submitted by:	Ari Suutari <ari.suutari@ps.carel.fi>
 1997-06-22 04:19:08 +00:00