Commit Graph

102 Commits

Author SHA1 Message Date
phk
704b01603a Give natd multi-instance capabilities.
This makes it possible to do load-sharing on two xDSL lines etc.
2004-07-04 12:53:54 +00:00
hmp
b8388ce606 Use strlcpy(3) instead of strcpy(3).
PR:          	46761

Philipp Mergenthaler <philipp.mergenthaler@stud.uni-karlsruhe.de>
2004-05-10 22:33:12 +00:00
luigi
ce58934c26 Replace ROUNDUP/ADVANCE with SA_SIZE 2004-04-13 11:24:43 +00:00
johan
31854a224a style.Makefile(5):
Use WARNS?= instead of WARNS=.
2004-02-23 20:25:27 +00:00
marcus
e19a1e64d2 Add Cisco Skinny Station protocol support to libalias, natd, and ppp.
Skinny is the protocol used by Cisco IP phones to talk to Cisco Call
Managers.  With this code, one can use a Cisco IP phone behind a FreeBSD
NAT gateway.

Currently, having the Call Manager behind the NAT gateway is not supported.
More information on enabling Skinny support in libalias, natd, and ppp
can be found in those applications' manpages.

PR:		55843
Reviewed by:	ru
Approved by:	ru
MFC after:	30 days
2003-09-23 07:41:55 +00:00
ru
44bb8d5b2a - Clarify the port range syntax in -redirect_port.
PR:	docs/46286

- "IP number" -> "IP address", for consistency.
2003-08-13 15:13:33 +00:00
ru
4618cdf9bb Added an option to specify an alternate PID file.
PR:		bin/37159
Submitted by:	"Aleksandr A. Babaylov" <.@babolo.ru>
2003-08-13 13:16:19 +00:00
ru
50a7b0b9b4 If the -proxy_only option is used, the -alias_address/-interface
options are not required.

Suggested by:	Vaclav Petricek
MFC after:	2 weeks
2003-06-13 22:15:42 +00:00
ru
bd0614a3d1 Don't pretend natd(8) doesn't work with ppp(8) interfaces.
While there's probably a better way to achieve the same,
nothing precludes us from using natd(8) on tun(4) links.

Noticed by:	bde
2003-02-28 15:41:45 +00:00
charnier
c142aa48bd Use a more standard error message. Add FBSDID.
Reviewed by:	ru
2003-02-05 20:08:39 +00:00
ru
b0520b835c Fixed Charles' e-mail here too. 2003-01-23 08:35:21 +00:00
schweikh
d3367c5f5d Correct typos, mostly s/ a / an / where appropriate. Some whitespace cleanup,
especially in troff files.
2003-01-01 18:49:04 +00:00
ru
dfc3706596 can not -> cannot. 2002-08-13 14:10:36 +00:00
ru
07e77e0463 mdoc(7) police: canonize FreeBSD in e-mail address. 2002-08-13 12:07:40 +00:00
charnier
a2accd01f0 The .Nm utility 2002-07-06 19:34:18 +00:00
archie
b4544af31a Update my email address. 2002-07-03 20:50:32 +00:00
ru
27cb1b2c9f I don't know what the MAINTAINER means in src/ part of FreeBSD.
I'll still be overseeing the changes that go into natd(8) and
will maintain it the way I see it, non-preventing for the rest
of developers.

I will re-ask for the MAINTAINER bit if the ${MAINTAINER} gets
defined.
2002-04-12 19:11:09 +00:00
ru
40e62ac22c Back out part of the revision 1.2 changes -- sendto(2) can
not return ENOBUFS for unreliable protocols like divert.

This should fix an issue when natd(8) keeps spamming already
full dummynet(4) queues with the same packet forever.

Spotted by:	chkno@dork.com
Explained by:	luigi
Reviewed by:	Ari Suutari <ari.suutari@syncrontech.com>
MFC after:	2 weeks
2002-01-15 17:07:56 +00:00
ru
7f320fa871 s/sysctl -w/sysctl/ 2001-12-11 08:29:10 +00:00
obrien
9baf2f1b03 Default to WARNS=2.
Binary builds that cannot handle this must explicitly set WARNS=0.

Reviewed by:	mike
2001-12-04 02:19:58 +00:00
ru
e129a9f15e Make -log_ipfw_denied active by default with -verbose.
Discussed with:	phk
2001-11-27 11:06:02 +00:00
ru
3c293c52fd Fixed (local) style bugs in previous revision. 2001-11-27 11:00:16 +00:00
phk
10fe9ee3d2 Do not uselessly whine in syslog about packets denied by ipfw rules.
Set 'log_ipfw_denied' option if you want the old behaviour.

PR:	30255
Submitted by:	Flemming "F3" Jacobsen <fj@batmule.dk>
Reviewed by:	phk
MFC after:	4 weeks
2001-10-31 16:08:49 +00:00
ru
4345758876 mdoc(7) police:
Avoid using parenthesis enclosure macros (.Pq and .Po/.Pc) with plain text.
Not only this slows down the mdoc(7) processing significantly, but it also
has an undesired (in this case) effect of disabling hyphenation within the
entire enclosed block.
2001-08-07 15:48:51 +00:00
ru
7cef49ff86 mdoc(7) police: removed HISTORY info from the .Os call. 2001-07-10 11:04:34 +00:00
joe
1f2cf25ced Revert the previous commit on objection from the maintainer. I
missed that natd has a -v option that will give similar functionality.

Requested by:	ru
2001-06-21 12:32:36 +00:00
joe
687340bf5d When reporting that a packet can't be written back, usually because
of a restrictive firewall rule, also report detail on the packet
that caused the failure.

MFC after:	3 days
2001-06-21 10:28:40 +00:00
ru
2d1b95a96f mdoc(7) police: normalize .Nd. 2001-04-18 15:54:10 +00:00
ru
86642a4ab4 - Backout botched attempt to introduce MANSECT feature.
- MAN[1-9] -> MAN.
2001-03-26 14:33:27 +00:00
ru
56b5d7535b Set the default manual section for sbin/ to 8. 2001-03-20 18:13:31 +00:00
ru
8a6f8b5fe4 mdoc(7) police: split punctuation characters + misc fixes. 2001-02-01 16:38:02 +00:00
ru
ea31070695 mdoc(7) police: use the new features of the Nm macro. 2000-11-20 16:52:27 +00:00
ru
9c5e4a8b3f Describe -deny_incoming better, highlight some keywords,
add myself to the AUTHORS section.
2000-11-16 12:20:54 +00:00
ben
bd94b89a9a more removal of trailing periods from SEE ALSO. 2000-11-15 16:44:24 +00:00
ru
edc0cc6c36 Suggest looking at rc.conf(5) on how to start natd(8) during boot.
Submitted by:	dcs
2000-07-17 10:06:54 +00:00
kris
007293175c Don't call warn() with no format string. 2000-07-10 08:14:18 +00:00
ru
38b5153ff9 "Ease understanding" of how -punch_fw works.
Reviewed by:	sheldonh
2000-06-29 09:52:14 +00:00
ru
15462ff9cb Added new option (-punch_fw) which allows to `punch holes'
in the ipfirewall(4) for incoming FTP/IRC DCC connections.

Submitted by:	Rene de Vries <rene@canyon.demon.nl>
Rewritten by:	ru
2000-06-27 15:26:24 +00:00
ru
2bcb688f1c - mdoc(7) style cleanup
- new version of security note from alex.
2000-06-27 11:39:36 +00:00
alex
779ca545b4 Back out both previous commits.
The first one got screwed up by me because of rev 1.33, which was
incorrectly merged into my patches by myself, and so Ruslan (maintainer)
asked me to back them out.

Ruslan was ok with the second one, but since it needs rework, it'll be
readded later, when it doesn't conflict with the backout of the first one.

Pointy hat:		alex
Beer on next meeting:	ru
2000-06-26 17:18:34 +00:00
alex
3ff7ddfcc8 Add note about security concerns w/o a firewall but other machines
on your LAN to the "RUNNING NATD" introduction.

In a different way requested by:
PR:		18802
Submitted by:	Zachary K Drew <drew0054@tc.umn.edu>
2000-06-26 14:52:39 +00:00
alex
9c7df143c8 mdoc style cleanup.
Reviewed by:	sheldonh
2000-06-26 14:44:31 +00:00
ru
8f3a6df6e3 Remove ``pptpalias'' since this is now done transparently by libalias(3). 2000-06-20 12:52:27 +00:00
ru
646e21aa2b Remove unused parameter. 2000-06-16 09:41:57 +00:00
sheldonh
6d881bfeba Fix a small grammar nit, with the maintainer's implicit approval. 2000-05-22 08:41:57 +00:00
ru
9033edf3a8 Add new option (-target_addr) to control how to deal with incoming packets
not associated with any pre-existing link.

Submitted by:	brian
2000-05-18 10:31:10 +00:00
ru
1e594f519a New option: -redirect_proto. 2000-05-03 15:06:45 +00:00
joe
98328065bf Fixes a potential buffer overflow with the command line arguments.
Submitted by:   Mike Heffner <spock@techfour.net>
Submitted on:   audit@freebsd.org
2000-04-30 20:53:54 +00:00
ru
b3e08f68b8 Load Sharing using IP Network Address Translation (RFC 2391, LSNAT). 2000-04-27 17:55:17 +00:00
brian
b4b080a3ff Correct Charles Mott's email address
Requested by: cmott@scientech.com
2000-04-02 20:23:34 +00:00