From owner-freebsd-ipfw@FreeBSD.ORG  Fri Oct  8 18:02:03 2010
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: ipfw@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id B073C106566B
	for <ipfw@freebsd.org>; Fri,  8 Oct 2010 18:02:03 +0000 (UTC)
	(envelope-from jamesbrandongooch@gmail.com)
Received: from mail-ww0-f50.google.com (mail-ww0-f50.google.com [74.125.82.50])
	by mx1.freebsd.org (Postfix) with ESMTP id 3EDC98FC17
	for <ipfw@freebsd.org>; Fri,  8 Oct 2010 18:02:02 +0000 (UTC)
Received: by wwb31 with SMTP id 31so1338232wwb.31
	for <multiple recipients>; Fri, 08 Oct 2010 11:02:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
	h=domainkey-signature:mime-version:received:received:in-reply-to
	:references:date:message-id:subject:from:to:cc:content-type;
	bh=S3sktwCZunWvieYkPzIAoTqij9hsdzFPwe9UOj+DmAk=;
	b=evroWDnqI06kD9zyXwetElDPmzK246zqzw7ZT5CQJYmGvP1FKOwiJ0K5nQGgQSxL4U
	HC/qam9vcDpfGEYuN8K1DzOQtrhS8K1U1XXjhdf1Na6GopK5IdZs7xRWB/4tFkmypUrx
	UymfVSf4mVaCnZ72RVm1irQbUOAAw/GEWdAwo=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma;
	h=mime-version:in-reply-to:references:date:message-id:subject:from:to
	:cc:content-type;
	b=JQz3c/LlBcZESdXj+LmsuPRDdAGPa2h7IyG+hHD2DlbzQYIa4cPbeh3HJflpxwXdnJ
	qux4gvF4D2q4ld/P9eQxOCYrS11JkNuaR+9G2QV7UHvWkPN87NUMAQrNNLbK0WKsLE0m
	M0WifvOn8TH4NiXNJ/Dds/7USdhd1okBVaGWM=
MIME-Version: 1.0
Received: by 10.216.173.70 with SMTP id u48mr931168wel.59.1286560921175; Fri,
	08 Oct 2010 11:02:01 -0700 (PDT)
Received: by 10.216.133.133 with HTTP; Fri, 8 Oct 2010 11:02:01 -0700 (PDT)
In-Reply-To: <AANLkTi=syThdw-++KAbVdJLGrh2JEFUJi5ztKs9cxWFE@mail.gmail.com>
References: <AANLkTi=wHkmfDmoPrKN1SRcE9m=1_5iieAd85hQNWHs1@mail.gmail.com>
	<AANLkTinj8wd9AbROwRzUAUK=XraYmTDkoB3MGddqq-Tn@mail.gmail.com>
	<AANLkTin1vXOMPT6m8ybhNQk9G7WjDrCcSArP3Zwf65cR@mail.gmail.com>
	<4CAA1E7B.1020107@freebsd.org>
	<AANLkTikExTKMWvvDwn=rVUSqwz6UeVXi8WOSsHROQYq+@mail.gmail.com>
	<4CAA45CC.8020304@freebsd.org>
	<AANLkTikAd_fke1HfMgRy3h4fXpo7_DcX3E4+Tu__3my8@mail.gmail.com>
	<4CAB8B35.7020703@freebsd.org>
	<AANLkTi=hoe+CaV6+byagXYwzDRAHqCseh-M_44OxEeJO@mail.gmail.com>
	<4CACE7DE.9020106@freebsd.org>
	<AANLkTik2KEYACzjfTS+XpB3OiaJL-uYckbLbf2C0DWaS@mail.gmail.com>
	<AANLkTi=syThdw-++KAbVdJLGrh2JEFUJi5ztKs9cxWFE@mail.gmail.com>
Date: Fri, 8 Oct 2010 13:02:01 -0500
Message-ID: <AANLkTikHcEn5yKJdTRYV4WjPkeEosWtGZvyyOeEK2+gZ@mail.gmail.com>
From: Brandon Gooch <jamesbrandongooch@gmail.com>
To: Eduardo Meyer <dudu.meyer@gmail.com>
Content-Type: text/plain; charset=ISO-8859-1
Cc: Patrick Tracanelli <eksffa@freebsdbrasil.com.br>,
	Luiz Otavio O Souza <lists.br@gmail.com>, ipfw@freebsd.org,
	Julian Elischer <julian@freebsd.org>,
	Adrian Chadd <adrian@ucc.gu.uwa.edu.au>
Subject: Re: layer2 ipfw 'fwd' support
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Oct 2010 18:02:03 -0000

On Fri, Oct 8, 2010 at 10:55 AM, Eduardo Meyer <dudu.meyer@gmail.com> wrote:
> On Thu, Oct 7, 2010 at 10:23 PM, Eduardo Meyer <dudu.meyer@gmail.com> wrote:
[SNIP]
> Luiz has added it to: http://loos.no-ip.org:280/lusca_bridge.diff
>
> I have tested and it works pretty well.
>
> I hope someone can add it to -HEAD, so we won't loose it again. With
> time, ipfw code changes and such great patches like Rizzo's and
> Julian's stop working one day. It's bad we miss such great
> functionality.

Sounds like a reasonable request. I hope it is considered.

> Thank you again everyone envolved.

Thanks goes to you for your persistence in getting this working.

> Adrian / Luiz / Julian,
>
> With this patch fwd does it's job on L2, ordinary proxy works like a
> charm. But TPROXY won't work. It would be perfect to have both
> features together. If you can suggest any further tests or changes I
> will be pleased to test.

To be clear, are we getting to the point of having the capability in
ipfw of doing something like this in pf:

...
pass in quick on $INT_IF route-to lo0 inet proto tcp from any to
127.0.0.1 port 3128 keep state
...

...thus allowing true, transparent proxying?

I really thought that this was possible already with ipfw :( I need to
do some more reading...

I would be very interested in obtaining details on your final setup,
once everything is in place and fully functioning :)

-Brandon