Date: Fri, 16 Nov 2001 11:59:03 -0800 (PST) From: Julian Elischer <julian@elischer.org> To: Mikel King <mikel@ocsinternet.com> Cc: Chrisy Luke <chrisy@flix.net>, Julian Elischer <julian@vicor-nb.com>, net@FreeBSD.ORG Subject: Re: RFC: ipfirewall_forward patch Message-ID: <Pine.BSF.4.21.0111161157490.6632-100000@InterJet.elischer.org> In-Reply-To: <3BF51DC8.A2AC1549@ocsinternet.com>
next in thread | previous in thread | raw e-mail | index | archive | help
A "doddle" is "a task so easy that you could do it in your sleep" (BTW the patch has a small bug.. but the fix is trivial.) On Fri, 16 Nov 2001, Mikel King wrote: > Just curious, but what's a doddle? > > Cheers, > mikel > > Julian Elischer wrote: > > > On Thu, 15 Nov 2001, Chrisy Luke wrote: > > > > > only packets already leaving the system can be hijacked and forwarded > > > > > to a 2nd machine. Incoming packets can only be forwarded to local > > > > > addresses/port combinations. > > > > > > My fault. I was being lazy when I wrote it. :) > > > > Ah it WAS you I committed it for wasn't it? :-) > > > > > > > > > > This patch would allow a sequence of mchines to hijack > > > > > a particular conforming packet and pass it allong a chain of > > > > > these machine sot make it fall out somewhere else.. > > > > > > It looks good. The ipfw syntax doesn't quite make sense to me. > > > > They all have different bits masked by the netmask.. > > > > > Also, are you requiring that they all be on the same ipfw rule number? > > > > No, I was lazy.. > > (cut'n'pasted the rules) > > > > > > > > Writing a script to probe a serving host and alter ipfw rules could be > > > done seamlessly if they were on seperate ipfw rules. > > > > well sure.. it's the mechanism not the details I was looking at.. > > Can you check my logic on the changes.? > > I'll be testing it more tonight.. > > > > > > > > With a similar trick to move aliases around on a primary ether port, > > > it's going to be a doddle to setup a clustered-transparent loadbalancer > > > in FreeBSD now. Neat. :) > > > > that's the theory.. > > > > Why make a huge complicated program to do it when > > you can do it with ipfw :-) > > > > > > > > Cheers, > > > Chris. > > > -- > > > == chris@easynet.net T: +44 845 333 0122 > > > == Global IP Network Engineering, Easynet Group PLC F: +44 845 333 0122 > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > > with "unsubscribe freebsd-net" in the body of the message > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-net" in the body of the message > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0111161157490.6632-100000>