From: Eduardo Meyer
To: Brandon Gooch
Cc: Patrick Tracanelli, Luiz Otavio O Souza, ipfw@freebsd.org, Julian Elischer, Adrian Chadd
Date: Fri, 22 Oct 2010 09:49:54 -0200
Subject: Re: layer2 ipfw 'fwd' support

On Fri, Oct 8, 2010 at 4:02 PM, Brandon Gooch wrote:
> On Fri, Oct 8, 2010 at 10:55 AM, Eduardo Meyer wrote:
>> On Thu, Oct 7, 2010 at 10:23 PM, Eduardo Meyer wrote:
> [SNIP]
>> Luiz has added it to: http://loos.no-ip.org:280/lusca_bridge.diff
>>
>> I have tested and it works pretty well.
>>
>> I hope someone can add it to -HEAD, so we won't lose it again. With
>> time, ipfw code changes and such great patches like Rizzo's and
>> Julian's stop working one day. It's bad we miss such great
>> functionality.
>
> Sounds like a reasonable request. I hope it is considered.
>
>> Thank you again everyone involved.
>
> Thanks goes to you for your persistence in getting this working.
>
>> Adrian / Luiz / Julian,
>>
>> With this patch fwd does its job on L2, ordinary proxy works like a
>> charm. But TPROXY won't work. It would be perfect to have both
>> features together. If you can suggest any further tests or changes I
>> will be pleased to test.
>
> To be clear, are we getting to the point of having the capability in
> ipfw of doing something like this in pf:
>
> ...
> pass in quick on $INT_IF route-to lo0 inet proto tcp from any to
> 127.0.0.1 port 3128 keep state
> ...

Yes, pretty much that.

>
> ...thus allowing true, transparent proxying?
>
> I really thought that this was possible already with ipfw :( I need to
> do some more reading...
>
> I would be very interested in obtaining details on your final setup,
> once everything is in place and fully functioning :)

Right. I'm still working on that. We have separated great things working
perfectly. Now I want to glue it together. TPROXY with FreeBSD's
IP_BINDANY works perfectly based on L3 redirection with IPFW. Now we can
do IPFW L2 redirection/forwarding.
So I want to be able to use both together, TPROXY with IPFW L2
forwarding. I am investigating the code, learning, trying some tests;
since I am not a developer, not good at hacking 3rd party code, I am
trying some dirty tricks. Unsuccessful right now but still investigating.

Thank you for your interest :-)

>
> -Brandon
>

--
===========
Eduardo Meyer
personal: dudu.meyer@gmail.com
professional: ddm.farmaciap@saude.gov.br