*BSD News Article 97398



Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!munnari.OZ.AU!news.mel.connect.com.au!news.mel.aone.net.au!news.mira.net.au!pumpkin.pangea.ca!news-spur1.maxwell.syr.edu!news.maxwell.syr.edu!feed1.news.erols.com!news.nl.innet.net!INnl.net!feed1.news.innet.be!INbe.net!stns.news.pipex.net!warm.news.pipex.net!pipex!tank.news.pipex.net!pipex!news.utell.co.uk!usenet
From: brian@shift.utell.net (Brian Somers)
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: Re: IP Masquerading / pppd question.
Date: 9 Jun 1997 09:35:32 GMT
Organization: Awfulhak Ltd.
Lines: 35
Message-ID: <5ngip4$ot9@ui-gate.utell.co.uk>
References: <56C9CA986E73CBFD.44AB054E609535D9.884CF6F4EEE1F07B@library-proxy.airnews.net>
    <3395EAA5.1CFBAE39@FreeBSD.org> <5ndsi3$9ee$1@Venus.mcs.net>
Reply-To: brian@awfulhak.org, brian@utell.co.uk
NNTP-Posting-Host: shift.utell.net
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Newsreader: knews 0.9.8
Xref: euryale.cc.adfa.oz.au comp.unix.bsd.freebsd.misc:42635

In article <5ndsi3$9ee$1@venus.mcs.net>,
	Font <font.ReMoVeThIsPaRt@mcs.net> writes:
> "Jordan K. Hubbard" <jkh@FreeBSD.org> writes:
> 
>>David Henshaw wrote:
>>> I would like to allow the XT to telnet directly to my ISP using the
>>> FreeBSD box as a gateway.  Currently this is not working.
>>> 
>>> Can someone fill me in as to what I need to do ?
> 
>>You need to upgrade to FreeBSD 2.2.2 and use ppp's -alias option.
>>You can't do what you want to do with 2.1.5.
> 
> On a related note, rlogin (with the insecure .rhosts) fails when using
> ppp -alias on both the aliased and actual boxes.  ppp without
> -alias works fine.  Can anyone offer an explanation (or workaround)
> for this, or is it tcpdump time?

The explanation is that the rpc protocol requires the connection to
come from a known port.  This is a rather feeble and annoying attempt
at security.....  the alias library broke this.

In -current, and in 2.2 (what will be the next 2.2 release) there is
now a libalias.  This is Charles Mott's latest library (v2.1) and
includes (among lots of other goodies) the ability to keep the
current port (if possible).

Rlogin et al work fine.

A good workaround is to use ssh (AFAIK) :)

-- 
Brian <brian@awfulhak.org> <brian@freebsd.org>
      <http://www.awfulhak.org>
Don't _EVER_ lose your sense of humour !
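
Added example, not part of the original post and not libalias code: a simplified C model of why address aliasing breaks the source-port check that BSD rlogind/rshd-style servers apply, and why keeping the client's port "if possible" restores it. The `nat_table` structure, the function names and the 30000 starting port are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define RESERVED_PORT 1024   /* IPPORT_RESERVED on BSD systems */

/* Server-side test in the style of BSD rlogind/rshd: the client's source
 * port must lie in the upper half of the reserved range (512..1023). */
bool source_port_trusted(uint16_t src_port)
{
    return src_port >= RESERVED_PORT / 2 && src_port < RESERVED_PORT;
}

/* Simplified model of a gateway's outgoing port table (hypothetical).
 * in_use[p] marks source ports already allocated on the gateway. */
struct nat_table {
    bool in_use[65536];
    uint16_t next_high;      /* where the search for a fresh port starts */
};

void nat_init(struct nat_table *t)
{
    memset(t->in_use, 0, sizeof t->in_use);
    t->next_high = 30000;    /* constructed start of the alias port range */
}

/* Return the source port the remote server will see. With keep_port set,
 * the client's own port is reused when it is free on the gateway; otherwise
 * a fresh high port is handed out. Returns 0 if the range is exhausted. */
uint16_t nat_alias_port(struct nat_table *t, uint16_t client_port, bool keep_port)
{
    if (keep_port && !t->in_use[client_port]) {
        t->in_use[client_port] = true;
        return client_port;
    }
    for (uint32_t p = t->next_high; p < 65536; p++) {
        if (!t->in_use[p]) {
            t->in_use[p] = true;
            t->next_high = (uint16_t)p;
            return (uint16_t)p;
        }
    }
    return 0;
}
```

A second LAN client that picks the same reserved port cannot keep it, so its connection is remapped to a high port and fails the server's check; this is the "if possible" case.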