Timestamp:
03/24/08 21:49:34 (8 months ago)
Author:
mbr
Message:

- Added MASQUERADE and SNAT support to complement inbound DNAT connections
for SPA packets that request --Forward-access to internal systems. This
functionality is only enabled when ENABLE_IPT_FORWARDING is set, and is
governed by two new variables IPT_MASQUERADE_ACCESS and IPT_SNAT_ACCESS
which define the iptables interface to creating SNAT rules. By default,
the MASQUERADE target is used because this means that the external IP
does not have to be manually defined. However, if ENABLE_IPT_SNAT is
enabled, then the IPT_SNAT_ACCESS definitions are used, and the external
SNAT IP is defined by the SNAT_TRANSLATE_IP variable.
- When ENABLE_IPT_FORWARDING is set, added a check for the value of the
/proc/sys/net/ipv4/ip_forward file to ensure that the local system
allows packets to be forwarded. Unless ENABLE_PROC_IP_FORWARD is
disabled, then fwknopd will automatically set the ip_forward file to "1"
if it is set to "0" (again, only if ENABLE_IPT_FORWARDING is enabled).
- Minor bugfix to remove sys_log() call in legacy port knocking mode.

Files:

  • fwknop/trunk/ChangeLog

    r1027 r1034  
     1fwknop-1.9.3 (03/2008): 
     2    - Added MASQUERADE and SNAT support to compliment inbound DNAT connections 
     3      for SPA packets that request --Forward-access to internal systems.  This 
     4      functionality is only enabled when ENABLE_IPT_FORWARDING is set, and is 
     5      governed by two new variables IPT_MASQUERADE_ACCESS and IPT_SNAT_ACCESS 
     6      which define the iptables interface to creating SNAT rules.  By default, 
     7      the MASQUERADE target is used because this means that the external IP 
     8      does not have to be manually defined.  However, is ENABLE_IPT_SNAT is 
     9      enabled, then the IPT_SNAT_ACCESS definitions are used, and the external 
     10      SNAT IP is defined by the SNAT_TRANSLATE_IP variable. 
     11    - When ENABLE_IPT_FORWARDING is set, added a check for the value of the 
     12      /proc/sys/net/ipv4/ip_forward file to ensure that the local system 
     13      allows packets to be forwarded.  Unless ENABLE_PROC_IP_FORWARD is 
     14      disabled, then fwknopd will automatically set the ip_forward file to "1" 
     15      if it is set to "0" (again, only if ENABLE_IPT_FORWARDING is enabled). 
     16    - Minor bugfix to remove sys_log() call in legacy port knocking mode. 
     17 
    118fwknop-1.9.2 (03/12/2008): 
    219    - Crypt::CBC adds the string "Salted__" to the beginning of the encrypted
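Review bot: The second bullet of the new fwknop-1.9.3 entry (added lines 11 to 15) documents that fwknopd writes "1" to /proc/sys/net/ipv4/ip_forward on its own, but it does not state the default of ENABLE_PROC_IP_FORWARD outright or whether the change is logged. The wording "Unless ENABLE_PROC_IP_FORWARD is disabled" implies the automatic write is on by default whenever ENABLE_IPT_FORWARDING is set. Because this turns on host-wide packet forwarding, the entry should say so explicitly and note whether fwknopd logs the change, so that an administrator reading the ChangeLog knows the daemon can alter kernel routing state. Two wording fixes in the first bullet as well: "compliment" on added line 2 should be "complement", and "However, is ENABLE_IPT_SNAT is enabled" on added line 8 should read "However, if ENABLE_IPT_SNAT is enabled". The same bullet says the feature is governed by "two new variables" but goes on to name ENABLE_IPT_SNAT and SNAT_TRANSLATE_IP too; listing all of the new variables in one place would make the entry easier to act on.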