Article delegate-en/1750 of [1-5169] on the server localhost:119
[Reference:<_A1658@delegate-en.ML_>]
Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: Bind to specific Interface for outgoing Traffic
09 Jul 2002 11:31:15 GMT Thomas Börnert <ppedabdyi-o7da2lxfy5xr.ml@ml.delegate.org>


It's working fine! Thank you for your support!
I need this to bind the source address because I have only a net-net freeswan tunnel
and I want no communication with public IP addresses.

Thanks!

- Thomas

Yutaka Sato wrote:

> On 05/29/02(21:07) you Thomas Börnert <tb@tbits.net> wrote
> in <Pine.LNX.4.33.0205291359240.10000-00000X@obelix.intra.tbits.net>
>  |I'm using delegated on a firewall with a freeswan vpn tunnel.
>  |I've 3 Interfaces : eth0 (internal), eth1 (external) ipsec0 (vpn).
>  |I'll bind delegated to eth0 and it should send all data
>  |with this source address of eth0 over the vpn to the other locations.
>  |Sendmail can do that for example. If I do this with delegated already
>
> Could you tell me how is the sendmail configured to do so?
>
>  |the address from the interface ipsec0 will be used, because the
>  |traffic will be routed through the interface ipsec0.
>  |
>  |the delegated command:
>  |delegated -P192.168.73.1:123/udp SERVER=udprelay://192.168.118.40:123 /
>  |          SRCIF="192.168.73.1:*:*192.168.118.40:192.168.73.1" /
>  |          LOGFILE="/var/log/delegate"
>  |
>  |I'll use the delegated on the firewall as proxy for the ntp protocol
>  |(network-time-protocol)
>
> I see.  You are so right to think you can use SRCIF to make DeleGate
> bind the source address.  I've not implemented referring to SRCIF in
> udprelay yet; I'll make it as the enclosed patch.
> I'm not sure of the configuration of your interfaces, but I think just
>
>  SRCIF=192.168.73.1
>
> will do if it is the address of "ipsec0".
>
> Cheers,
> Yutaka
> --
>   @ @ Yutaka Sato <y.sato@delegate.org> http://www.delegate.org/y.sato/
>  ( - ) National Institute of Advanced Industrial Science and Technology (AIST)
> _<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
>
> *** ../delegate7.9.5/src/udprelay.c     Mon Mar  4 15:46:54 2002
> --- udprelay.c  Thu May 30 14:32:45 2002
> ***************
> *** 108,114 ****
>         return service_permitted0(clhost,clport,"udprelay",svhost,svport);
>   }
>
> ! static UDP_Assoc *newUA(uav,clhost,clport,svhost,svport)
>         UDP_Assoc *uav[];
>         char *clhost,*svhost;
>   {     int ux;
> --- 108,115 ----
>         return service_permitted0(clhost,clport,"udprelay",svhost,svport);
>   }
>
> ! static UDP_Assoc *newUA(Conn,uav,clhost,clport,svhost,svport)
> !       Connection *Conn;
>         UDP_Assoc *uav[];
>         char *clhost,*svhost;
>   {     int ux;
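Review bot: The new Conn parameter is added to an old-style (K&R) definition of newUA, so the compiler is not required to check the argument count or types at call sites; a caller still passing five arguments would compile and shift every argument by one position. Declaring the function with a prototype, for example static UDP_Assoc *newUA(Connection *Conn, UDP_Assoc *uav[], char *clhost, int clport, char *svhost, int svport), would let the compiler catch that and would also make the implicit int type of clport and svport explicit.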
> ***************
> *** 116,131 ****
>         int svsock;
>         int rcode;
>         char msg[128];
>
>         if( !permitted(clhost,clport,svhost,svport) )
>                 return NULL;
>
> !       svsock = server_open("UDPRELAY",NULL,0,-1);
>         if( svsock < 0 ){
>                 ux = longestIdle(uav);
>                 sv1log("push out longest idle 1 [%d]\n",ux);
>                 delUA(uav,ux,"NoMoreSocket",1);
> !               svsock = server_open("UDPRELAY",NULL,0,-1);
>                 if( svsock < 0 )
>                         return NULL;
>         }
> --- 117,140 ----
>         int svsock;
>         int rcode;
>         char msg[128];
> +       char lhost[256];
> +       int lport;
>
>         if( !permitted(clhost,clport,svhost,svport) )
>                 return NULL;
>
> !       strcpy(lhost,"*");
> !       lport = 0;
> !       SRCIFfor(Conn,"udprelay",svhost,svport,lhost,&lport);
> !       if( strcmp(lhost,"*") == 0 )
> !               lhost[0] = 0;
> !
> !       svsock = server_open("UDPRELAY",lhost,lport,-1);
>         if( svsock < 0 ){
>                 ux = longestIdle(uav);
>                 sv1log("push out longest idle 1 [%d]\n",ux);
>                 delUA(uav,ux,"NoMoreSocket",1);
> !               svsock = server_open("UDPRELAY",lhost,lport,-1);
>                 if( svsock < 0 )
>                         return NULL;
>         }
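Review bot: In the retry path a failed server_open("UDPRELAY",lhost,lport,-1) is still treated as socket exhaustion, but once lhost and lport come from SRCIF it can also fail because the configured address or port cannot be bound; in that case delUA(uav,ux,"NoMoreSocket",1) evicts an idle association for nothing and the retry fails the same way. Consider telling the two cases apart and logging lhost and lport with sv1log before returning NULL, so that a wrong SRCIF is visible in the log. Returning NULL instead of retrying with an unbound socket is worth keeping, since the purpose of SRCIF here is that datagrams never leave from another address. Separately, lhost[256] is handed to SRCIFfor without a length and the return value of SRCIFfor is ignored, so the buffer bound rests entirely on what SRCIFfor writes.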
> ***************
> *** 299,305 ****
>                         }
>                         ua = findUAbysrc(uassocv,ihost,iport,svhost,svport);
>                         if( ua == NULL ){
> !                               ua = newUA(uassocv,ihost,iport,svhost,svport);
>                                 if( ua == NULL ){
>                                         continue;
>                                 }
> --- 308,314 ----
>                         }
>                         ua = findUAbysrc(uassocv,ihost,iport,svhost,svport);
>                         if( ua == NULL ){
> !                               ua = newUA(Conn,uassocv,ihost,iport,svhost,svport);
>                                 if( ua == NULL ){
>                                         continue;
>                                 }

--
Mit freundlichen Grüssen
Best regards

Thomas Börnert
Geschäftsführer
Senior IT Consultant & Manager

DO NOT GIVE OUR ADDRESS TO THIRD PARTIES, WE HATE JUNK-MAIL
___________________________________________________________________
TBits.net GmbH                   | Telefon:  +49 (0)700 TBITSNET
Thomas Börnert                   | oder      +49 (0)700 0000000F
Seeweg 6                         | Auto:     +49 (0)000 000000F
D-73553 Alfdorf                  | Fax2Mail: +49 (0)80 0000 0000F
http://www.tbits.net             | eMail:    info@tbits..
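
As an added illustration (not part of the original messages and not DeleGate code): the socket-level step that pinning a UDP relay's source address comes down to, with "*" meaning "let the route decide" as in the patch, and no fallback to an unpinned socket when the bind fails. The function names udp_open_from and udp_local_addr are made up for this sketch, and 127.0.0.1 is a constructed sample address.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Added example: open a UDP socket bound to lhost:lport. "*" or "" means
 * "let the kernel choose", the case where the route picks the source address.
 * Returns the socket, or -1 without falling back to an unbound socket. */
int udp_open_from(const char *lhost, int lport)
{
    struct sockaddr_in sa;
    int fd;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_port = htons((unsigned short)lport);
    if (lhost == NULL || lhost[0] == '\0' || strcmp(lhost, "*") == 0)
        sa.sin_addr.s_addr = htonl(INADDR_ANY);
    else if (inet_pton(AF_INET, lhost, &sa.sin_addr) != 1)
        return -1;                      /* not a dotted-quad address */
    fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0)
        return -1;
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0) {
        close(fd);                      /* fail closed: no unpinned socket */
        return -1;
    }
    return fd;
}

/* Write the socket's local address into buf; returns 0 on success. */
int udp_local_addr(int fd, char *buf, size_t len)
{
    struct sockaddr_in sa;
    socklen_t sl = sizeof sa;
    if (getsockname(fd, (struct sockaddr *)&sa, &sl) < 0)
        return -1;
    return inet_ntop(AF_INET, &sa.sin_addr, buf, (socklen_t)len) ? 0 : -1;
}

int main(void)
{
    char a[INET_ADDRSTRLEN];
    int fd = udp_open_from("127.0.0.1", 0);   /* constructed sample address */
    if (fd < 0 || udp_local_addr(fd, a, sizeof a) < 0)
        return 1;
    printf("datagrams leave from %s\n", a);
    close(fd);
    return 0;
}
```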



