Release Note Bianca/Brick-Xm: New System Software: Release 4.7 Revision 1
RELEASE NOTE
BIANCA/BRICK-XM
December 19, 1997
What's new in Release 4.7.1
This document describes the new features, enhancements, bugfixes, and changes to the BIANCA/BRICK-XM System Software since Release 4.6 Revision 4.
Upgrading System Software
The trace Command
New rtlookup Command
Security Feature: ipExtIfBackRtVerify
New ipNatOutTable
MIB Changes
Bugfixes
Released: 19.12.97
Features
The trace Command
With Release 4.7 Rev. 1 the trace command is now officially
available on your BRICK.
For WAN interfaces:
trace
  -d MAC filter    set destination MAC address filter (LAN only)
  -s MAC filter    set source MAC address filter (LAN only)
  -o               combine two or more -s or -d filters with a logical OR operation
MAC filter
channel
unit    0..1
slot    1..7
Please note that in cases where packets should take an asymmetric path (i.e. be received via one interface, but transmitted
via a different interface) you have to switch ipExtIfBackRtVerify
off, otherwise these packets are also discarded.
This filter can be separately enabled (on) for each interface
entry in the ipExtIfTable. By default it is switched off.
From the Setup Tool you can enable the Back Route Verify in
the [WAN Partners][EDIT][Advanced Settings] menu.
New ipNatOutTable
This new table can be used to configure Network Address
Translation for outgoing connections, in effect hiding the internal network addresses from the outside world.
To enable outgoing NAT for an interface you have to set the corresponding NatOutXlat variable to on in the ipExtIfTable.
For example, imagine a case where a company used the
free 10.x.y.z IP addresses for their internal network, and now
they want to open the network to the internet. They obviously
cannot use the 10.x.y.z addresses, so to avoid having to reconfigure their entire network structure, they use a BRICK as a
gateway to the internet and on the BRICK configure the
ipNatOutTable to translate each 10.x.y.z address used inside the
network to a specific valid IP address for outgoing connections.
If no ipNatOutTable entry matches the source IP address of
an outgoing packet, the IP address of the NAT interface is used
as the new source IP address.
MIB Changes
New ipExtIfBackRtVerify variable
ipExtIfBackRtVerify
Possible values: off (1), on (2)
This variable activates a check for incoming packets.
If set to on, incoming packets are only accepted if return packets sent back to their source IP address
would be sent over the same interface. This prevents
packets being passed from untrusted interfaces to this
interface.
Default value: off
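The check described above is a reverse-path lookup on the source address. The following is an added example, not BinTec code: the routing table, interface indexes, addresses and function names are constructed for illustration. It shows the spoofed-source case the filter is meant to stop and the asymmetric-path case in which legitimate packets are discarded as well.

```python
import ipaddress

# Constructed routing table: (destination prefix, interface index).
ROUTES = [
    ("0.0.0.0/0", 10001),        # default route via WAN partner (untrusted)
    ("192.168.1.0/24", 1000),    # internal LAN
    ("172.16.0.0/16", 10002),    # branch office via a second WAN partner
]

# Constructed per-interface setting, as in ipExtIfTable: True = on, False = off.
BACK_RT_VERIFY = {1000: False, 10001: True, 10002: False}


def route_interface(addr, routes=ROUTES):
    """Longest-prefix match: interface a packet sent to addr would leave on."""
    ip = ipaddress.ip_address(addr)
    best = None
    for prefix, if_index in routes:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, if_index)
    return best[1] if best else None


def accept_packet(src, in_if, verify=BACK_RT_VERIFY, routes=ROUTES):
    """Accept only if a reply to src would be sent over the receiving interface."""
    if not verify.get(in_if, False):      # default value: off
        return True
    return route_interface(src, routes) == in_if


if __name__ == "__main__":
    # Internal source address arriving on the untrusted WAN interface: discarded.
    print(accept_packet("192.168.1.50", 10001))
    # Ordinary outside host arriving on the WAN interface: accepted.
    print(accept_packet("203.0.113.7", 10001))
    # Asymmetric path: branch host arrives on 10001, replies leave via 10002.
    print(accept_packet("172.16.5.5", 10001))
    # Same host on its routed interface, where the check is off: accepted.
    print(accept_packet("172.16.5.5", 10002))
```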
New ipNatOutTable
This table specifies the IP address translation for outgoing sessions. If no matching entry is found the IP address is set to the
IP address defined on the interface configured for NAT. If a
matching entry is found, the source IP address of outgoing IP
packets is set to the value of ipNatOutExtAddr. This table is only
used if the outgoing address translation is activated (ipExtIfNatOutXlat on).
Entries in the table are created and removed manually by
network management.
The ipNatOutTable consists of the following variables:
ipNatOutIfIndex
This variable specifies the interface index, for which
the table entry shall be valid. If set to 0, the entry will
be valid for all interfaces configured to use NAT.
ipNatOutProtocol
Possible values: icmp (1), tcp (6), udp (17), any (255),
delete (256)
This variable specifies the protocol, for which the table
entry shall be valid.
Default value: any
ipNatOutRemoteAddr
Together with ipNatOutRemoteMask this variable spec
ipNatOutIntAddr
Together with ipNatOutIntMask this variable specifies
the internal host's IP address for outgoing calls matching the table entry. If both variables are set to 0.0.0.0,
the table entry will be valid for any source IP address.
ipNatOutIntMask
Together with ipNatOutIntAddr this variable specifies
the internal host's IP address for outgoing calls matching the table entry. If both variables are set to 0.0.0.0,
the table entry will be valid for any source IP address.
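The source-address selection described for the ipNatOutTable can be modelled as follows. This is an added example, not BinTec code: the table contents, interface indexes and function names are constructed, first-match ordering and the usual address/mask comparison are assumptions, and the ipNatOutRemoteAddr/ipNatOutRemoteMask match is left out because its description is incomplete on this page.

```python
import ipaddress
from dataclasses import dataclass

PROTO_ANY = 255   # ipNatOutProtocol: icmp (1), tcp (6), udp (17), any (255)


@dataclass
class NatOutEntry:
    if_index: int   # ipNatOutIfIndex, 0 = valid for all NAT interfaces
    protocol: int   # ipNatOutProtocol
    int_addr: str   # ipNatOutIntAddr
    int_mask: str   # ipNatOutIntMask
    ext_addr: str   # ipNatOutExtAddr, the new source address


def entry_matches(entry, if_index, protocol, src):
    """True if the entry applies to this interface, protocol and source."""
    if entry.if_index not in (0, if_index):
        return False
    if entry.protocol not in (PROTO_ANY, protocol):
        return False
    mask = int(ipaddress.ip_address(entry.int_mask))
    want = int(ipaddress.ip_address(entry.int_addr))
    # Address and mask both 0.0.0.0 reduce to 0 == 0: any source matches.
    return (int(ipaddress.ip_address(src)) & mask) == (want & mask)


def translate_source(table, if_index, if_addr, nat_out_xlat, protocol, src):
    """Return the source address an outgoing packet leaves with."""
    if not nat_out_xlat:              # ipExtIfNatOutXlat off: table unused
        return src
    for entry in table:               # assumption: first matching entry wins
        if entry_matches(entry, if_index, protocol, src):
            return entry.ext_addr
    return if_addr                    # no match: address of the NAT interface


# Constructed table: one host pinned for TCP on one interface, one /24 mapped
# for all protocols on every NAT interface.
TABLE = [
    NatOutEntry(10001, 6, "10.1.1.5", "255.255.255.255", "192.0.2.25"),
    NatOutEntry(0, PROTO_ANY, "10.1.2.0", "255.255.255.0", "192.0.2.40"),
]

if __name__ == "__main__":
    print(translate_source(TABLE, 10001, "192.0.2.1", True, 6, "10.1.1.5"))
    print(translate_source(TABLE, 10001, "192.0.2.1", True, 17, "10.1.1.5"))
```

The second call shows that a host pinned only for TCP leaves with the interface address for UDP, which matters when outside filters or logs key on the per-host external address.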
Bugfixes
CAPI
The CAPI2_INFO_IND messages for channel identification now contain the correct setting of the Info Number
field (0x18).
When an ISDN trace was mistakenly started on the CAPI
TCP port, this led to a system boot.
This bug has been fixed.
OSPF
When importing OSPF routes into RIP (ipImportTable)
OSPF external routes are now handled correctly.
You can now also use the OSPF routing protocol over X.21
interfaces.
PPP
Sometimes outband RADIUS authentication failed without an apparent cause.
This bug has been fixed.
When using the x25_ppp encapsulation on a PMX interface, under high system load connections were sometimes
disconnected prematurely.
This bug has been fixed.
Setup Tool
When setting a NAT port ([IP][Network Address Translation][Config][EDIT]) to -1, this value was mistakenly
changed to 65535.
This bug has been fixed.
When trying to delete an entry from a list in Setup Tool in
rare cases a wrong entry was deleted.
This bug has also been fixed.
Security
The BRICK is no longer vulnerable to LAND-type
denial-of-service attacks via TCP. This type of attack involved sending a TCP packet with identical source and
destination IP addresses and a set SYN flag to the BRICK.