From: Matthew Seaman
To: fred@bsdhost.net
Cc: questions@freebsd.org
Date: Wed, 28 Jul 2004 09:50:17 +0100
Subject: Re: ip traffic redirection.

On Wed, Jul 28, 2004 at 10:23:28AM +0200, fred@bsdhost.net wrote:

> This is maybe the wrong list for this question but anyway...

No -- this is the right list for questions.

> For a proof of concept I need to setup a gateway to divert certain kind
> of ip traffic to a special program who do some counting and
> modification on these packets and then re-inject them back. This has to
> be a gateway and not a router.

Yes, that's doable.  It sounds very much like transparent proxying.
So long as you can select the traffic you want to process solely by
examining the IP headers it should be easy.  Of course, the process
you feed the selected packets to can do whatever it wants with them
and can be programmed to decode packet payloads as required.

> Does someone know if there is a package in the FreeBSD ports who can
> help me do that? Can I do that using ipfw and in that case can someone
> send me a pointer to some docs or examples ?

What you want to do sounds very much like transparent proxying.  That
can be implemented fairly simply under FreeBSD using, for example,
ipfw(8)'s 'fwd' mechanism.  There's a nice discussion in the Squid FAQ
which you should be able to mine for clues:

    http://www.squid-cache.org/Doc/FAQ/FAQ-17.html

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.
26 The Paddocks, Savill Way, Marlow, Bucks., SL7 1TH UK
PGP: http://www.infracaninophile.co.uk/pgpkey
Tel: +44 1628 476614
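
Added example, not part of the original message or of the Squid FAQ: the receiving end of the ipfw(8) 'fwd' approach mentioned above, as a Python relay that counts bytes in each direction. It relies on the behaviour documented in ipfw(8) that 'fwd' leaves the packet unmodified, so the accepted socket's local address is the original destination; the rule number, interface em0, ports and listen address are assumptions.

```python
import socket
import threading

# Assumed gateway rule (rule number, interface and ports are placeholders):
#   ipfw add 1000 fwd 127.0.0.1,8080 tcp from any to any 80 in via em0
LISTEN_ADDR = ("127.0.0.1", 8080)  # hypothetical; must match the fwd target

def pump(src, dst, counter, key):
    """Copy src -> dst until EOF, adding the bytes seen to counter[key]."""
    while True:
        data = src.recv(4096)
        if not data:
            break
        counter[key] += len(data)  # inspect or rewrite `data` here if needed
        dst.sendall(data)
    try:
        dst.shutdown(socket.SHUT_WR)  # pass the EOF on to the other side
    except OSError:
        pass  # peer already gone

def relay(client, upstream_addr):
    """Relay one TCP connection both ways; return byte counts per direction."""
    counter = {"up": 0, "down": 0}
    with socket.create_connection(upstream_addr) as upstream:
        back = threading.Thread(target=pump,
                                args=(upstream, client, counter, "down"))
        back.start()
        pump(client, upstream, counter, "up")
        back.join()
    return counter

def handle(client, peer):
    # fwd does not rewrite the packet, so the accepted socket's local address
    # is the destination the client originally dialled.
    with client:
        orig_dst = client.getsockname()
        print(peer, "->", orig_dst, relay(client, orig_dst))

def serve():
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind(LISTEN_ADDR)
        srv.listen()
        while True:
            conn, peer = srv.accept()
            threading.Thread(target=handle, args=(conn, peer)).start()

if __name__ == "__main__":
    serve()
```

The "in via em0" qualifier in the assumed rule keeps the relay's own outbound connections from matching the rule and looping back into the listener.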