From owner-freebsd-questions Thu Dec 14 10:24:45 2000
Date: Thu, 14 Dec 2000 13:42:57 -0500 (EST)
Message-Id: <200012141842.NAA49633@mail2.wmptl.com>
From: "Nathan Vidican" <webmaster@wmptl.com>
To: Alwyn Goodloe
Cc: questions@freebsd.org
Subject: Re: Firewall question

> Guys,
>
> First I would like to thank everyone who responded to last week's
> question.
>
> This time around my question is a little more detailed (as I managed
> to learn more :-) ). I was going to filter on a particular condition
> and divert those packets to a divert socket where some processing was
> to take place, and if the proper conditions are met we would send the
> little guys on their way. But as I read the code, the packet is basically
> gone from the routing software at that point. Any idea how to send the
> packets on their way once I've diverted them? I know this may be an easy
> question to those who do this sort of thing a lot. As a last resort I was just
> going to hack the ip_fw_chk() fn (in ip_fw.c). Of course I don't like
> hacking system internals if there is an easy way around it.
>
> Thanks for your help.
>
> Alwyn Goodloe
> agoodloe@gradient.cis.upenn.edu

You're probably going to need to use NATD (Network Address Translation) for that.
I don't know the particulars of your setup, but NAT will allow you to divert traffic from one port on one IP address to another port on another address (whether it be another 'real' IP, or a private one). Basically it'll go something like this:

xxx.xxx.xxx.xxx:xx (outside IP address) --> yyy.yyy.yyy.yyy:yy (second address)

You need to utilize NATD, so as to allow the second machine to send back through the first. As I see it, this is essentially what you're trying to accomplish, no?

--
Nathan Vidican
webmaster@wmptl.com
Windsor Match Plate & Tool Ltd.
http://www.wmptl.com/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
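For readers of this thread, an added example (written here, not code from either poster or from natd) of the divert-socket pattern the question describes and that natd itself relies on: a packet read with recvfrom() from the divert socket is gone from the stack, and writing it back with sendto() to the address recvfrom() filled in resumes ipfw processing at the rule after the divert rule. The divert port 8668, the interface name and the "drop TCP to port 23" policy are assumptions for illustration, and the IPPROTO_DIVERT fallback only exists so the filter logic compiles on non-FreeBSD systems.

```c
/* Added example (not from either poster): a minimal FreeBSD divert-socket
 * daemon. With a rule like "ipfw add divert 8668 ip from any to any via fxp0",
 * recvfrom() on the socket bound to port 8668 pulls the packet out of the
 * stack; sendto() with the same sockaddr reinjects it after the divert rule
 * (this is how natd works). */
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <stdio.h>
#ifndef IPPROTO_DIVERT
#define IPPROTO_DIVERT 254   /* FreeBSD's value; lets this compile elsewhere */
#endif
#define DIVERT_PORT  8668    /* assumed; must match the ipfw divert rule */
#define BLOCKED_PORT 23      /* assumed policy: drop TCP to telnet */
/* The "proper conditions": 1 = reinject, 0 = drop (by not writing it back).
 * Parses the IPv4 header by hand so the check is portable. */
int should_forward(const unsigned char *pkt, size_t len)
{
    if (len < 20 || (pkt[0] >> 4) != 4) return 0;        /* runt or not IPv4 */
    size_t hlen = (size_t)(pkt[0] & 0x0f) * 4;
    if (hlen < 20 || hlen + 4 > len) return 0;           /* bad IHL / no ports */
    if (pkt[9] != IPPROTO_TCP) return 1;                 /* only TCP is policed */
    unsigned dport = (pkt[hlen + 2] << 8) | pkt[hlen + 3];
    return dport != BLOCKED_PORT;
}
/* Constructed samples: IPv4/IHL 5, TCP, 10.0.0.1 -> 10.0.0.2, dst port 23 / 80 */
const unsigned char sample_tcp_telnet[24] = {0x45,0,0,24,0,0,0,0,64,6,0,0,
    10,0,0,1,10,0,0,2,0x04,0xd2,0x00,0x17};
const unsigned char sample_tcp_http[24]   = {0x45,0,0,24,0,0,0,0,64,6,0,0,
    10,0,0,1,10,0,0,2,0x04,0xd2,0x00,0x50};
int main(void)
{
    unsigned char buf[65535];
    struct sockaddr_in sin = {0};            /* s_addr 0 = INADDR_ANY */
    int fd = socket(PF_INET, SOCK_RAW, IPPROTO_DIVERT);
    if (fd < 0) { perror("socket"); return 1; }
    sin.sin_family = AF_INET;
    sin.sin_port = htons(DIVERT_PORT);
    if (bind(fd, (struct sockaddr *)&sin, sizeof sin) < 0) { perror("bind"); return 1; }
    for (socklen_t slen = sizeof sin; ; slen = sizeof sin) {
        ssize_t n = recvfrom(fd, buf, sizeof buf, 0, (struct sockaddr *)&sin, &slen);
        if (n < 0) { perror("recvfrom"); continue; }
        if (!should_forward(buf, (size_t)n)) continue;   /* dropped */
        /* sin now carries the divert cookie; sending to it resumes ipfw */
        if (sendto(fd, buf, (size_t)n, 0, (struct sockaddr *)&sin, slen) < 0)
            perror("sendto");
    }
}
```

Any packet the daemon does not write back is silently dropped, so the filter above is the whole policy; run it as root on the box holding the ipfw divert rule.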