[pilax@pilax.com: Libnet Freebsd and nat]

• Forwarded message from pilax@pilax.com -----

Return-Path: <pilax@pilax.com>
Delivered-To: route@tradecraft.infonexus.com Received: (qmail 8813 invoked by alias); 15 Nov 2002 22:31:22 -0000 Delivered-To: mike@infonexus.com
Received: (qmail 31699 invoked from network); 15 Nov 2002 22:31:22 -0000 Received: from arennes-301-1-6-11.abo.wanadoo.fr (HELO fw1ngfp3) (81.49.44.11)   by softdnserror with SMTP; 15 Nov 2002 22:31:22 -0000 Received: from ([192.168.0.98]) by fw1ngfp3.pilax.com; Fri, 15 Nov 2002 23:29:36 +0100 (CET) Received: from srvplayxp.pilax.com ([172.16.0.3]) by srvpilax1.pilax.com with Microsoft SMTPSVC(6.0.3663.0); Fri, 15 Nov 2002 23:30:19 +0100 To: mike@infonexus.com
Subject: Libnet Freebsd and nat
MIME-Version: 1.0
X-Mailer: Lotus Notes Release 5.0.9 November 16, 2001 Message-ID: <OFA017473B.DD83D6F6-ONC1256C72.007A83D4@pilax.com> From: pilax@pilax.com
Date: Fri, 15 Nov 2002 23:30:17 +0100
X-MIMETrack: Serialize by Inactif on Philippe NICOLAS(Release 5.0.9 |November 16, 2001) at 15/11/2002 23:30:25, Serialize complete at 15/11/2002 23:30:25 Content-Type: multipart/alternative; boundary="=_alternative 007B9F84C1256C72_=" Return-Path: philippenicolas@wanadoo.fr
X-OriginalArrivalTime: 15 Nov 2002 22:30:19.0725 (UTC) FILETIME=[9445EFD0:01C28CF6] Status: RO
Content-Length: 2342
Lines: 54

Hello

I use a Freebsd gateway at home with ipfilter, ipnat and pppoe. I use PAT to let the other machines going out. I need to forge packet with Libnet to test firewalls I installed (anti-spoofing and so on)
But with Freebsd the spoofed ip source address is ALWAYS nat'ed with the tun0 interface ip address.
If I turn ipnat and ipfilter off, the packet never leave the gateway !!!! With a Linux RedHat and masquerading on the same machine, I can spoof the source address with is not nat'ed with the ppp0 ip address.

Is it a Freebsd kernel issue ?
Is it a Libnet issue with Freebsd ?
Is it a raw socket issue ?
Is it a pppoe issue ?

I search a lot but got no response on the net.

Any idea ?

Thanks for help

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

Philippe
----- End forwarded message -----

-- 
Network packets at bargain basement rates -- ask me how.

---------------------------------------------------------------------
To unsubscribe, e-mail: libnet-unsubscribe@securityfocus.com
For additional commands, e-mail: libnet-help@securityfocus.com