On Fri, May 24, 2002 at 05:40:24PM +1000, Andrew Smith wrote:
> Sorry - not really netfilter related ...
> But I was wondering if you meant that typical ISP's in the USA use
> egress filters to stop people from supplying a source IP address that is
> not directly assigned to them and thus stop any
> On Wednesday 22 May 2002 14:47, Ben Reser wrote:
>> On Wed, May 22, 2002 at 03:36:51PM +0800, Fabrice MARIE wrote:
>> > Well, say your firewall is 202.58.4.3,
>> > your webservers are 202.58.4.7-20 and all traffic from outside to
>> > your webservers is filtered by your firewall.
>> > Now you ca
On Wednesday 22 May 2002 08:27, Ben Reser wrote:
> On Wed, May 22, 2002 at 02:56:28PM +0800, Fabrice MARIE wrote:
> > Here's a patch from Guilaumme Morin that updates
> > my previous 'send icmp unreach* with fake source IP' patch,
> > so that on top of being able to specify manually which
> > fake
On Wed, May 22, 2002 at 02:56:28PM +0800, Fabrice MARIE wrote:
>
> Hello,
>
> Here's a patch from Guilaumme Morin that updates
thanks, patch applied.
> Fabrice MARIE
--
Live long and prosper
- Harald Welte / [EMAIL PROTECTED] http://www.gnumonks.org/
===
On Wednesday 22 May 2002 14:47, Ben Reser wrote:
> On Wed, May 22, 2002 at 03:36:51PM +0800, Fabrice MARIE wrote:
> > Well, say your firewall is 202.58.4.3,
> > your webservers are 202.58.4.7-20 and all traffic from outside to your
> > webservers is filtered by your firewall.
> > Now you can tell
On Wed, May 22, 2002 at 03:36:51PM +0800, Fabrice MARIE wrote:
> Well, say your firewall is 202.58.4.3,
> your webservers are 202.58.4.7-20 and all traffic from outside to your webservers
> is filtered by your firewall.
> Now you can tell your firewall :
>
> if packet src != trusted and dest=202.
Hello,
On Wednesday 22 May 2002 14:27, Ben Reser wrote:
> > [...]
> > it is now possible to fake the source IP dynamically
> > (using the dest of the original packet as the fake
> > source IP), as per explained in this thread :
> > http://lists.samba.org/pipermail/netfilter/2002-February/020237.
On Wed, May 22, 2002 at 02:56:28PM +0800, Fabrice MARIE wrote:
> Here's a patch from Guilaumme Morin that updates
> my previous 'send icmp unreach* with fake source IP' patch,
> so that on top of being able to specify manually which
> fake source IP should be set on the icmp unreach,
> it is now p
Hello,
Here's a patch from Guilaumme Morin that updates
my previous 'send icmp unreach* with fake source IP' patch,
so that on top of being able to specify manually which
fake source IP should be set on the icmp unreach,
it is now possible to fake the source IP dynamically
(using the dest of the