Date:      Thu, 27 Dec 2001 10:17:53 -0800
From:      "Henry Su" <henrysu@nttmcl.com>
To:        "Julian Elischer" <julian@elischer.org>
Cc:        <freebsd-net@FreeBSD.ORG>
Subject:   RE: socket call in the kernel
Message-ID:  <AJEHKCJLENGKGEHDIOJGCEODCGAA.henrysu@nttmcl.com>
In-Reply-To: <Pine.BSF.4.21.0112270120520.85465-100000@InterJet.elischer.org>

Thanks a lot Julian. Please let me know if you need more info.


My goal is to use test2 as an authentication server: when an HTTP request
passes through the test2 box, test2 will redirect it to an authentication URL
on itself.

 _________                    ___________________
|         | crossover cable  |                   |
|  test1  |----------------->| test2(ipfw,proxy) |-->router->Internet
|_________|                  |___________________|


test2 has ipfw and a proxy server for redirection. It is configured as a
bridge: one interface has an IP address, and the other, which test1 is
connected to, does not.


The rule for forwarding is:

#Forward no valid http packet to local authentication
${fwcmd} add 65534 fwd localhost,8800 log tcp from any to any 80



For example, here are 2 cases: one works, one fails.

Failed case: from test1, "telnet www.yahoo.com 80". From the test2 ipfw log,
you can see the packet is forwarded (e.g. "Dec 27 00:34:25 test2 /kernel:
ipfw: 65534 Forward to 127.0.0.1:8800 TCP 216.69.69.248:1101
129.219.10.10:80 in via dc2"),
but the proxy server on test2 does not seem to have received the forwarded packet.

Working case: from test1, "telnet test2 80", it just works. The proxy server
got the packet and sent a redirection message to test1: "
> HTTP/1.1 302 Moved
> Date: Thu, 27 Dec 2001 00:53:18  PST
> Location: https://216.69.69.254/cgi-bin/login
> 0
>
>
> Connection closed by foreign host.
"

My guess is:

The proxy socket server can only listen for packets whose dst IP address
matches its own IP address. I wrote the proxy server myself; it is a Java
socket server, and when it receives any packet at port 8800, it sends back
some HTTP redirection information.
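
One way to test the guess above, as an added example that is not part of the original message and is not the poster's Java proxy: a Python listener on port 8800 that records the local address the kernel reports for each accepted connection before sending the 302. The function names are hypothetical, and the "diverted" flag assumes the behaviour ipfw(8) documents for locally forwarded packets (the socket's local address is the packet's original destination).

```python
import socket
import sys
import threading

REDIRECT_URL = "https://216.69.69.254/cgi-bin/login"  # Location quoted in the message

def build_redirect(location):
    head = f"HTTP/1.1 302 Moved\r\nLocation: {location}\r\n"
    return (head + "Content-Length: 0\r\nConnection: close\r\n\r\n").encode("ascii")

def open_listener(port=8800, host="0.0.0.0"):
    """Listen on the wildcard address, so no destination IP is excluded at bind time."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    s.bind((host, port))
    s.listen(16)
    return s

def handle_one(listener, own_addrs, record):
    """Accept one connection, record the local address it carries, send the redirect."""
    conn, peer = listener.accept()
    with conn:
        local_ip = conn.getsockname()[0]
        # A local address that is not ours means the connection kept its original
        # destination (assumption: what ipfw(8) documents for locally forwarded packets).
        record({"peer": peer[0], "local": local_ip,
                "diverted": local_ip not in own_addrs})
        conn.settimeout(2.0)
        try:
            conn.recv(4096)  # read and ignore the request
        except socket.timeout:
            pass
        conn.sendall(build_redirect(REDIRECT_URL))

def self_check():
    """Loopback round trip on an ephemeral port (constructed request, no ipfw involved)."""
    log = []
    with open_listener(port=0, host="127.0.0.1") as listener:
        t = threading.Thread(target=handle_one, args=(listener, {"127.0.0.1"}, log.append))
        t.start()
        with socket.create_connection(listener.getsockname(), timeout=2) as c:
            c.sendall(b"GET / HTTP/1.0\r\n\r\n")
            reply = b"".join(iter(lambda: c.recv(4096), b""))
        t.join()
    return reply, log

if __name__ == "__main__":
    listener = open_listener()
    while True:  # this host's own addresses are given on the command line
        handle_one(listener, set(sys.argv[1:]), print)
```

Run on the proxy box with its own addresses as arguments, each accepted connection prints one record; a forwarded connection that produces no record at all never reached the listening socket.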




