cvs commit: src/sys/netinet ip_input.c (fwd)
Attila Nagy
bra at fsn.hu
2001. Már. 5., H, 12:40:08 CET
Annak, aki ipnattal redirectel es 127.0.0.0/8-as IP-t hasznal.
--------------------------------------------------------------------------
Attila Nagy e-mail: Attila.Nagy at fsn.hu
Budapest Polytechnic (BMF.HU) @work: +361 210 1415 (194)
H-1084 Budapest, Tavaszmezo u. 15-17. cell.: +3630 306 6758
---------- Forwarded message ----------
Date: Sun, 4 Mar 2001 16:04:49 -0800
From: Don Lewis <Don.Lewis at tsc.tdk.com>
To: Attila Nagy <bra at fsn.hu>, Don Lewis <truckman at FreeBSD.org>
Subject: Re: cvs commit: src/sys/netinet ip_input.c
On Mar 4, 6:16pm, Attila Nagy wrote:
} Subject: Re: cvs commit: src/sys/netinet ip_input.c
} Hello,
}
} > Explicitly block packets sent to the loopback network sent from the outside,
} > which is consistent with the behavior of the forwarding path between
} > interfaces as implemented in in_canforward().
} I have several jails on my machine, with 127.x.y.z addresses, running on
} lo0 interface.
} In those jails everything runs with UID other than 0 and binds to high
} ports like 65000. I use IPF redirection (with ipnat) to redirect traffic
} sent to the public IF to the public address to the jail's 127.x.y.z IP.
}
} Will the above commit break this?
Sigh ... I looked through the code and it looks like this check will
break ipnat. The check will have to be moved closer to the beginning
of ip_input(), before ipnat happens.
További információk a(z) BSD levelezőlistáról