Hi All!
I have a Pentium 100 (32 MBRAM) with FreeBSD 4.4 installed on it and I am using it as a gateway. When I am downloading (or uploading) stuff simultaneously I see that natd is using up to 100% of the cpu capacity, hence the internet connection becomes blocked.
My guess is I will have... (1 Reply)
i have a firewall with two interfaces eth0 and eth1, eth0 is connected to an external network, and eth0 is connected to a private lan.
im using this command for NAT
iptables -A POSTROUTING -t nat -s 192.168.0.0/24 -o eth0 -j SNAT --to-source 223.0.0.3
my questions are :
1) how can i... (4 Replies)
Hi gurus.
Not such a problem, more of a proof of concept.
Ive got two zones :- database-1 and database-dr-1 on two different servers. Both zones have different ip addresses.
I want to copy the whole zone database-1 over to database-dr-1, which is simple enough, but I want to install... (0 Replies)
hellou, can anybody help me with nat detection in real time ? i prefer some detection script because i try some nat detection program's for example p0f or i'm using tcpdump, but i would get contain of specific packet. Some ideas? (1 Reply)
Hi everybody,
I'm running on Solaris 10 X86 (update 1009).
I would like to make NAT's rule. I explain you.
On Solaris, I configure the principal interface e1000g0 with IP : 192.168.0.33
I created the first logical interface like that :
ifconfig e1000g0 addif 192.168.0.40 netmask... (0 Replies)
Hello,
I am facing this scenario: three or more remote LAN (peripheral offices), with the same devices (printers, NAS) in each of them. Those LANs have the same network addresses, i.e.192.168.1.* (are connected to WAN via NAT).
I need to collect snmp traps from a central server (public IP).... (4 Replies)
Hi, I am learning IPTables have this question.
My server is behind a firewall that does a PAT & NAT to the LAN address.
Internet IP: 68.1.1.23
Port: 10022
Server LAN IP: 10.1.1.23
port: 22
Allowed Internet IPs: 131.1.1.23, 132.1.1.23
I want to allow a set of IPs are to be able to... (1 Reply)
Hi.
I am attempting to set up an OpenVPN server on my Solaris 11 box by following all the Linux guides. Thus far I have a working VPN that I can connect to and ssh onto my VPN server over which is great but not what I require long term.
I would like to route all VPN client requests for addresses... (0 Replies)
Discussion started by: nickb1976
0 Replies
LEARN ABOUT SUNOS
mac
mac(1) User Commands mac(1)NAME
mac - calculate message authentication codes of the input
SYNOPSIS
/usr/bin/mac -l | [-v] -a algorithm [-k keyfile] [file...]
DESCRIPTION
The mac utility calculates the message authentication code (MAC) of the given file or files or stdin using the algorithm specified.
If more than one file is given, each line of output is the MAC of a single file.
OPTIONS
The following options are supported:
-a algorithm Specifies the name of the algorithm to use during the encryption or decryption process. See USAGE, Algorithms for details.
Note: Algorithms for producing general length MACs are not supported.
-k keyfile Specifies the file containing the key value for the encryption algorithm. Each algorithm has specific key material require-
ments, as stated in the PKCS#11 specification. If -k is not specified, mac prompts for key material using get-
passphrase(3C).
For information on generating a key file, see dd(1M) or System Administration Guide: Security Services.
-l Displays the list of algorithms available on the system. This list can change depending on the configuration of the crypto-
graphic framework. The keysizes are displayed in bits.
-v Provides verbose information.
USAGE
Algorithms
The supported algorithms are displayed with the -l option. These algorithms are provided by the cryptographic framework. Each supported
algorithm is an alias to the most commonly used and least restricted version of a particular algorithm type. For example, md5_hmac is an
alias to CKM_MD5_HMAC.
These aliases are used with the -a option and are case-sensitive.
Passphrase
When the -k option is not used during encryption and decryption tasks, the user is prompted for a passphrase. The passphrase is manipulated
into a more secure key using the PBKDF2 algorithm specified in PKCS #5.
EXAMPLES
Example 1: Listing available algorithms
example$ mac -l
Algorithm Keysize: Min Max
-----------------------------------
des_mac 64 64
sha1_hmac 8 512
md5_hmac 8 512
Example 2: Getting the message authentication code for a file
example$ mac -v -k mykey -a sha1_hmac /export/foo
sha1_hmac (/export/foo) = 913ced311df10f1708d9848641ca8992f4718057
EXIT STATUS
The following exit values are returned:
0 Successful completion.
>0 An error occurred.
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
|Availability |SUNWcsu |
+-----------------------------+-----------------------------+
|Interface Stability |Evolving |
+-----------------------------+-----------------------------+
SEE ALSO digest(1), dd(1M), getpassphrase(3C), libpkcs11(3LIB), attributes(5), pkcs11_softtoken(5)
System Administration Guide: Security Services
RSA PKCS#11 v2.11 http://www.rsasecurity.com/rsalabs/pkcs/pkcs-11
RSA PKCS#5 v2.0 http://www.rsasecurity.com/rsalabs/pkcs/pkcs-5
SunOS 5.10 23 Apr 2004 mac(1)