1998-01-09 23:23:58 +00:00
diff -ur --unidirectional-new-file skipsrc-1.0.orig/doc/README.FreeBSD skipsrc-1.0/doc/README.FreeBSD
--- skipsrc-1.0.orig/doc/README.FreeBSD Wed Dec 31 16:00:00 1969
1998-04-13 00:17:45 +00:00
+++ skipsrc-1.0/doc/README.FreeBSD Sun Apr 12 16:10:32 1998
@@ -0,0 +1,74 @@
1998-01-09 23:23:58 +00:00
+
+Some notes regarding the FreeBSD port of SKIP
+December 8, 1997
+
+- Most of the non-man page documentation has NOT be patched to
+ reflect the different locations of files, etc. The main difference
+ is that the original version of SKIP puts everything under /usr/skip,
+ wheras the FreeBSD port puts it under /usr/local (or elsewhere if
+ you set ${PREFIX}). This documentation can be found under
+ /usr/local/share/doc/skip.
+
1998-04-13 00:17:45 +00:00
+- Thanks to S. Wehner, skiphost now takes a new argument for specifying
+ the source address for encrypted packets. This allows encrypted packets
+ that are being tunnelled between two routers to have source and dest
+ IP addresses of only those two routers. This reduces firewall complexity
+ in many cases. From his description:
+
+ This adds another command line option to skiphost, namely
+ -f <source address> . Every packet going out to the other host
+ will then have this source address in the packet.
+
1998-01-09 23:23:58 +00:00
+- SKIP is applied to packets *after* any ipfw(8) filtering is applied.
+ This is true for both incoming and outgoing packets. Note that SKIP
+ has its own access control functionality.
+
+ One way to deal with this is to do the following:
+
+ - Setup ipfw as you normally would to restrict access to your machine.
+ - Add additional ipfw rules to allow SKIP related traffic:
+ - ipfw add 10 allow 57 from any to any
+ - ipfw add 10 allow 79 from any to any (if using SunScreen mode)
+ - ipfw add 10 allow 50 from any to any (if using raw ESP/AH mode)
+ - ipfw add 10 allow 51 from any to any (if using raw ESP/AH mode)
+ - ipfw add 10 allow udp from any to <your-address> 1640
+ - ipfw add 10 allow udp from <your-address> 1640 to any
+ - Set the default rule for SKIP to be to allow access.
+
+- Skipd will logs via syslog(3) instead of logging directly
+ to /var/log/skip.log as before, using the LOG_DAEMON facility.
+
+ You may want to redirect this output to its own log file.
+ This is done by the following steps:
+
1998-07-30 03:14:29 +00:00
+ 1. touch /var/log/skipd.log
1998-01-09 23:23:58 +00:00
+ 2. Edit /etc/syslog.conf and add these lines at the end:
+
+ !skipd
+ *.* /var/log/skipd.log
+
+ 3. Edit /etc/newsyslog.conf as appropriate
+ 4. Restart syslogd
+
+- Each time skip is started (at reboot time), the skiphost
+ output is written to /var/log/skiphost.log. You may also
+ want to add an entry to /etc/newsyslog.conf for this one
+ as well.
+
+- Users of skip should subscribe to the SKIP mailing list
+ by sending an email to "majordomo@skip.org" containing
+ the line "subscribe skip-info".
+
+- If you have trouble:
+
+ - If there is a problem with the port itself (e.g., it won't
+ compile on your system), use send-pr(1) to send a problem report.
+
+ - If you are having trouble with SKIP configuration, use,
+ compatibility, etc., send your questions to the SKIP
+ mailing list: skip-info@skip.org (you should subscribe
+ to it first).
+
+Thanks,
+-Archie Cobbs <archie@whistle.com>
+
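Review bot: In the ipfw list, the four protocol rules are written "from any to any" (for example "ipfw add 10 allow 57 from any to any"), while the two udp 1640 rules are scoped to <your-address>. ipfw rules apply to forwarded packets as well, so on the router-to-router tunnel setup described under the skiphost -f item these rules also pass protocols 57, 79, 50 and 51 for every host routed through the box. I'd suggest scoping them to <your-address> like the udp rules, or adding a sentence on why they need to be wider. The final step, "Set the default rule for SKIP to be to allow access", should say what then restricts traffic from hosts that have no SKIP entry; as written the reader has to infer that ipfw alone does. Separately, step 1 creates /var/log/skipd.log with touch and never mentions its owner or mode, which deserves a line. Wording nits in the same text: "has NOT be patched", "wheras", "Skipd will logs".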