Date:      Thu, 27 Dec 2001 11:31:22 -0800 (PST)
From:      Julian Elischer <julian@elischer.org>
To:        Henry Su <henrysu@nttmcl.com>
Cc:        freebsd-net@FreeBSD.ORG
Subject:   RE: socket call in the kernel
Message-ID:  <Pine.BSF.4.21.0112271057040.84622-100000@InterJet.elischer.org>
In-Reply-To: <AJEHKCJLENGKGEHDIOJGCEODCGAA.henrysu@nttmcl.com>



On Thu, 27 Dec 2001, Henry Su wrote:

> Thanks a lot Julian. Please let me know if you need more info.
> 
> 
> My goal is to use test2 as an authentication server: when an HTTP request passes
> through the test2 box, test2 will redirect it to an authentication URL on itself.
> 
>  _________                   ___________________
> |         |crossover cable  |                   |
> |test1    |---------------->|test2(ipfw,proxy)  |----->router->Internet
> |_________|                 |___________________|
>   X.1.1.3                        X.1.1.2


> 
> 
> test2 has ipfw and a proxy server for redirection. It is configured as a
> bridge: one interface has an IP address, and the other one, to which test1 is
> connected, does not.

Assume dc1 on the router side of test2
and dc2 on the crossover side of test2.
Is the router doing NAT?
Is X.x.x.x a routable address?
I presume that X.1.1.3 AND X.1.1.2 are on the same logical net.
Are they both routable addresses?

Firstly, bridging is a new factor; you didn't mention that before.
I am not sure how bridging will interact with everything else.

What does netstat -aA show on test2? Is the server bound to an address?
i.e., do you bind() the server to a particular address?
If so, which?

Why are you bridging?

Do you want people on test1 to authenticate, or people coming in from the
Internet? (You need to specify what you want to redirect.)


> 
> 
> The rule for forwarding is:
> 
> #Forward no valid http packet to local authentication
> ${fwcmd} add 65534 fwd localhost,8800 log tcp from any to any 80
> 
> 
> 
> For example, here's 2 cases, one works, one failed.
> 
> Failed case: from test1, "telnet www.yahoo.com 80"; in the test2 ipfw log
> you can see the packet is forwarded (e.g. "Dec 27 00:34:25 test2 /kernel:
> ipfw: 65534 Forward to 127.0.0.1:8800 TCP 216.69.69.248:1101
> 129.219.10.10:80 in via dc2"),
> but the proxy server on test2 seems not to have gotten the forwarded packet.
> 
> Worked case: from test1, "telnet test2 80", it just works. The proxy server
> gets the packet and sends a redirection message to test1: "

I wonder if someone has broken fwd?
If you do the following:
on test2, telnet localhost 80
and
telnet www.freebsd.org 80

what happens?

> 
> My guess is:
> 
> The proxy socket server can only listen to packets whose dst IP address
> matches its own IP address. The proxy server was written by me; it's a Java
> socket server, and when it receives any packet at port 8800, it sends back
> some HTTP redirection information.
> 

No, the address that the server will be matched against is the
address in the fwd rule, and not the address in the packet.

roughly it does:

tempaddr = address_from_packet
if (ipfw matches a fwd rule)
	tempaddr = address_in_rule
find socket that matches tempaddr.

It could be that the bridging is somehow confusing the forwarding.




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message
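The lookup that Julian sketches above ("tempaddr = address_from_packet; if ipfw matches a fwd rule, tempaddr = address_in_rule; find socket that matches tempaddr"), worked through with the rule and the logged packet from this thread. This is an added model written for this page, not FreeBSD kernel code and not code from either poster. The X.1.1.x hosts are written as 10.1.1.x, and the two socket tables for the Java proxy are assumptions, since the thread does not say what the proxy is bound to (which is what the `netstat -aA` check would reveal):

```python
"""Model of the socket lookup Julian describes for an ipfw ``fwd`` rule.

Added example, not FreeBSD kernel code. The rule and the logged packet come
from the thread; the 10.1.1.x addresses stand in for X.1.1.x, and the socket
tables are assumptions about how the Java proxy called bind().
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

Addr = Tuple[str, int]


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    iface: str          # interface the packet arrived on ("in via dc2")


@dataclass(frozen=True)
class FwdRule:
    """One ``ipfw add <num> fwd <addr>,<port> <proto> from <src> to <dst> [<dport>]`` rule."""
    number: int
    proto: str          # "ip" matches any protocol, as in ipfw
    src: str            # "any" or a network in CIDR notation
    dst: str
    dport: Optional[int]
    fwd_addr: str
    fwd_port: int


@dataclass(frozen=True)
class ListenSocket:
    name: str
    laddr: str          # "0.0.0.0" stands for INADDR_ANY (netstat shows it as "*")
    lport: int


def _addr_matches(spec: str, addr: str) -> bool:
    return spec == "any" or ip_address(addr) in ip_network(spec, strict=False)


def rule_matches(rule: FwdRule, pkt: Packet) -> bool:
    return (rule.proto in ("ip", pkt.proto)
            and _addr_matches(rule.src, pkt.src)
            and _addr_matches(rule.dst, pkt.dst)
            and (rule.dport is None or rule.dport == pkt.dport))


def lookup_address(rules: List[FwdRule], pkt: Packet) -> Addr:
    """Julian's sketch: start from the packet's destination; if an ipfw fwd
    rule matches, the address in the rule replaces it. ipfw is first-match,
    so rules are walked in number order and the first hit wins."""
    tempaddr: Addr = (pkt.dst, pkt.dport)
    for rule in sorted(rules, key=lambda r: r.number):
        if rule_matches(rule, pkt):
            tempaddr = (rule.fwd_addr, rule.fwd_port)
            break
    return tempaddr


def find_socket(sockets: List[ListenSocket], addr: Addr) -> Optional[ListenSocket]:
    """Listening-socket lookup: an exact bind to the address wins over a bind to
    INADDR_ANY; a socket bound to some other specific address never matches."""
    host, port = addr
    candidates = [s for s in sockets if s.lport == port]
    for s in candidates:
        if s.laddr == host:
            return s
    for s in candidates:
        if s.laddr == "0.0.0.0":
            return s
    return None


# The rule from the thread: ${fwcmd} add 65534 fwd localhost,8800 log tcp from any to any 80
RULES = [FwdRule(65534, "tcp", "any", "any", 80, "127.0.0.1", 8800)]

# Failed case, with the addresses from the ipfw log line in the thread.
FAILED_CASE = Packet("tcp", "216.69.69.248", 1101, "129.219.10.10", 80, "dc2")
# Worked case: "telnet test2 80" from test1 (X.1.1.3 -> X.1.1.2, written as 10.1.1.x; assumption).
WORKED_CASE = Packet("tcp", "10.1.1.3", 1102, "10.1.1.2", 80, "dc2")
# Constructed non-HTTP traffic that the rule must leave alone.
SSH_CASE = Packet("tcp", "10.1.1.3", 1103, "10.1.1.2", 22, "dc2")

# Two hypothetical ways the Java proxy on test2 may have been bound (assumptions).
PROXY_BOUND_TO_OWN_IP = [ListenSocket("proxy", "10.1.1.2", 8800)]   # bind(X.1.1.2, 8800)
PROXY_BOUND_TO_ANY = [ListenSocket("proxy", "0.0.0.0", 8800)]       # bind(INADDR_ANY, 8800)


def delivered_to(sockets: List[ListenSocket], pkt: Packet) -> Optional[str]:
    """Name of the socket that would receive pkt, or None if the lookup finds nothing."""
    sock = find_socket(sockets, lookup_address(RULES, pkt))
    return sock.name if sock else None


if __name__ == "__main__":
    for label, pkt in (("failed", FAILED_CASE), ("worked", WORKED_CASE), ("ssh", SSH_CASE)):
        print(label, lookup_address(RULES, pkt),
              "own-IP bind ->", delivered_to(PROXY_BOUND_TO_OWN_IP, pkt),
              "| ANY bind ->", delivered_to(PROXY_BOUND_TO_ANY, pkt))
```

Under this model both the failed case and the worked case resolve to the same lookup address, 127.0.0.1:8800, so whether the proxy is found depends only on its bind() address, not on the destination address in the packet. A proxy bound to X.1.1.2:8800 is never found for either case, and one bound to INADDR_ANY (or 127.0.0.1) is found for both. A setup where one case works and the other does not therefore points at something before the socket lookup, which is why the questions in the message about the bind address and about bridging are the ones to answer first.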




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0112271057040.84622-100000>