Date: Wed, 10 Jun 1998 10:14:28 -0700 From: Julian Elischer <julian@whistle.com> To: "Rodney W. Grimes" <rgrimes@GndRsh.aac.dev.com> Cc: current@FreeBSD.ORG Subject: Re: Annnonce: Transparent proxy patches Message-ID: <357EBEF4.33590565@whistle.com> References: <199806101635.JAA14402@GndRsh.aac.dev.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Rodney W. Grimes wrote: > > > > > Chrisy Luke <chrisy@flix.net> posted a mixed set of patches > > recently that added the ability to do transparent proxying > > to FreeBSD, however there were several shortcomings. > > 1/ In particular you really needed 2 machines or to match 2 different > > rules to be able to do some redirections. > > > > 2/ They were part of his 'multipath' patches. > > > > I have separated them out and updted them for -current. > > I have also put in some code to allow local redirection of outgoing > > packets. > ... > > Hummm... this has some other interesting applications, one could control > which outbound connection was used from a multi-homed border router based > upon source ip address it appears: > > ipfw add 2 fwd eth0 ip from X.X.X.0/24 to any > ipfw add 3 fwd eth1 ip from Y.Y.Y.0/24 to any > > or does the code have this ability? And/or do you need to be > more specific about protocols/ports? If you don't specify a new port, it will use the originally specified port. Of course ports only make sense for local diversions as the packet is not altered, so once it has left this machine, the diversion is finished. You can only specify a target by IP address, but yes, if you had 2 default routes, you could easily do this.. so it would look like: ipfw add 2 fwd isp1-gw ip from X.X.X.0/24 to any ipfw add 2 fwd isp2-gw ip from Y.Y.Y.0/24 to any (of course the OTHER part of Chrisy's patch (mpath) does this even better by allowing you to specify multiple default routes and letting the system multiplex on them.. > > -- > Rod Grimes - KD7CAX - (RWG25) hmm KD7CAX, I didn't know you were a HAM.. Is this new or old? > rgrimes@gndrsh.aac.dev.com > Accurate Automation, Inc. Reliable computers for FreeBSD > http://www.aai.dnsmgr.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?357EBEF4.33590565>