Date: Thu, 04 Jun 1998 16:56:52 -0700
From: Julian Elischer <julian@whistle.com>
To: Guy Helmer <ghelmer@scl.ameslab.gov>
Cc: hackers@FreeBSD.ORG, net@FreeBSD.ORG
Subject: Re: Transparent packet diversion: Where is it?
Message-ID: <35773444.59E2B600@whistle.com>
References: <Pine.SGI.3.96.980604151126.719K-100000@demios.scl.ameslab.gov>

YES!!!!

Guy Helmer wrote:
>
> On Thu, 4 Jun 1998, Angelo Nardone wrote:
>
> > Julian Elischer wrote:
> > >
> > > A month or so ago, someone announced a package that
> > > did redirection of packets to arbitrary places.
> > >
> > > I remember the comment
> > > "it's weird seeing all those foreign addresses in the netstat listing".
>
> Perhaps this was what you were looking for:
>
> Date: Thu, 30 Apr 1998 21:06:04 +0100
> From: Chrisy Luke <chrisy@flix.net>
> To: freebsd-hackers@FreeBSD.ORG
> Subject: Beta 3 release of Multipath routing and friends.
>
> ftp://ftp.flirble.org/pub/unix/hacks/FreeBSD/mpath.b3.tgz
>
> README attached.
>
> A few fixes to the Multipath code. The metric stuff and the persistent
> route caching will come in b4.
>
> This code mostly adds support to the ipfw interface and code to support
> two things, which are based on the same thing:
>
> * Directing INCOMING traffic that match rules to a LOCAL TCP port.
>   This is intended for transparent proxying without external calls
>   to a LKM, it also doesn't touch the packet, so getsockname() works
>   so there's also no need for a subsequent IOCTL to work out what the
>   original destination/port was.
>   It's freaky seeing random remote IP's listed as "Local addresses"
>   in netstat! BSD-router-speed transparent diversion... :-)
>
> * Modifying the next-hop address of OUTBOUND traffic that matches the
>   rule. My intention for this is to direct web traffic from a core
>   router to a transparent proxy. David Sharnoff also wanted something
>   similar, and the functionality of this thus extends to doing a route
>   table lookup on the specified next-hop and using the route to it,
>   meaning the next-hop doesn't need to be on a directly reachable
>   interface. Remember though, this code only forwards to a directly
>   reachable machine! It doesn't deliver it to the specified next-hop!
>   TCP port numbers are ignored if this rule comes into effect.
>
> The rule-based forwarding mechanism is independent of the Multipath
> stuff, but does have multipath code in it if multipath is compiled in.
>
> Currently on rule-based forwarding there's a double-route-table penalty
> on the outbound traffic. I'll probably address this in b4 also.
>
> Chris.
> --
> == chris@easynet.net, chrisy@flix.net, chrisy@flirble.org.
> == Head of Systems for Easynet Group PLC.
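The quoted README says the diverted packet is not modified, so getsockname() on the proxy's accepted socket yields the original destination. The following is an added example, not part of this message or of the mpath code; the names original_dst and demo_loopback are hypothetical, and a constructed loopback connection to a wildcard listener stands in for a diverted one, since no ipfw rule is assumed to be installed.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Proxy side: an accepted socket's local address is the address the client
 * aimed at. Assumption: under the diversion rule the packet arrives
 * unmodified, so this is the original destination. */
int original_dst(int conn, struct sockaddr_in *dst)
{
    socklen_t len = sizeof(*dst);
    memset(dst, 0, sizeof(*dst));
    return getsockname(conn, (struct sockaddr *)dst, &len);
}

/* Constructed loopback demo: wildcard listener, client connects to 127.0.0.1,
 * report what the accepted socket says was targeted. 0 on success, -1 on error. */
int demo_loopback(struct sockaddr_in *dst, in_port_t *listen_port)
{
    struct sockaddr_in a;
    socklen_t len = sizeof(a);
    int rc = -1, conn = -1;
    int ls = socket(AF_INET, SOCK_STREAM, 0), cs = socket(AF_INET, SOCK_STREAM, 0);
    memset(&a, 0, sizeof(a));
    a.sin_family = AF_INET;
    a.sin_addr.s_addr = htonl(INADDR_ANY);          /* wildcard, kernel picks port */
    if (ls >= 0 && cs >= 0 && bind(ls, (struct sockaddr *)&a, sizeof(a)) == 0 &&
        listen(ls, 1) == 0 && getsockname(ls, (struct sockaddr *)&a, &len) == 0) {
        *listen_port = a.sin_port;
        a.sin_addr.s_addr = htonl(INADDR_LOOPBACK); /* client targets 127.0.0.1 */
        if (connect(cs, (struct sockaddr *)&a, sizeof(a)) == 0 &&
            (conn = accept(ls, NULL, NULL)) >= 0)
            rc = original_dst(conn, dst);
    }
    if (conn >= 0) close(conn);
    if (cs >= 0) close(cs);
    if (ls >= 0) close(ls);
    return rc;
}

int main(void)
{
    struct sockaddr_in dst;
    in_port_t port;
    if (demo_loopback(&dst, &port) != 0) { perror("demo_loopback"); return 1; }
    printf("client targeted %s:%u\n", inet_ntoa(dst.sin_addr), ntohs(dst.sin_port));
    return 0;
}
```

The accepted socket reports 127.0.0.1 rather than the wildcard address the listener was bound to. That per-connection local address is what, per the README, shows up as a remote IP under "Local addresses" in netstat when the forwarding rule is active.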