From owner-freebsd-questions@FreeBSD.ORG Sat Jun 19 16:14:15 2004
From: Chuck Swiger
Organization: The Courts of Chaos
Date: Sat, 19 Jun 2004 12:13:42 -0400
To: Matt Juszczak
cc: freebsd-questions@freebsd.org
Subject: Re: Redirection with a bridge ?
Message-ID: <40D46636.1020909@mac.com>
In-Reply-To: <40D3752A.8000809@atopia.net>

Matt Juszczak wrote:
> Is there a way to do IP redirection without using layer 3? (IPNAT or
> routing)? I have a bridge setup and want to redirect any port 80
> traffic outgoing through the bridge to a specific server .... but it
> seems I can only do this with ipfw's forward/fwd or ipnat's rdr commands
> ... which are all layer 3 oriented and don't work with just a bridge...
Well, you can use layer-2 bridging to forward network traffic to any directly connected physical subnet you want to, and you can use "ifconfig alias" to give machines on that subnet multiple IPs. If a machine sees traffic to its MAC address and/or is in promiscuous mode (which is what a FreeBSD bridge sets the interfaces it uses to), the machine will pay attention to those packets. If the packets contain IP addresses which the machine believes belong to it, then it will respond appropriately.

Frankly, however, I suspect that you are confusing yourself more than you are solving the problem you actually want to solve. :-)

Given a sufficiently complex set of firewall rules, packet forwarding, NAT re-writing, and whatever else, you can mangle packets in pretty much any way one can think of. Do this only when you need to, to the extent that is useful. If setting up a "normal" network and letting the default TCP/IP local-subnet and routing behaviors do the right thing is at all possible, let the default behavior work for you.

-- 
-Chuck
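The "ifconfig alias" approach Chuck describes, as an added example that is not part of the original thread: a small POSIX sh helper that generates the FreeBSD alias commands for giving one host additional IPv4 addresses. It is a dry run by default (it prints the commands instead of executing them), so it can be reviewed before touching a live interface. The interface name and addresses are constructed for illustration. The one FreeBSD-specific detail it encodes is that an alias inside the primary address's own subnet is added with netmask 255.255.255.255, while an alias on a different subnet carries that subnet's real netmask.

```shell
#!/bin/sh
# Added example (not from the original thread): build the
# "ifconfig IFACE inet ADDR netmask MASK alias" commands that give a host
# extra IPv4 addresses. Interface and addresses below are constructed.

# ip_to_int 192.0.2.10 -> 3221225994 (dotted quad to 32-bit integer)
ip_to_int() {
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# mask_from_prefix 24 -> 4294967040 (0xFFFFFF00)
mask_from_prefix() {
    echo $(( (0xFFFFFFFF << (32 - $1)) & 0xFFFFFFFF ))
}

# int_to_ip 4294967040 -> 255.255.255.0
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# alias_cmd IFACE PRIMARY/PREFIX ALIAS[/PREFIX]
# Prints the ifconfig command for one alias. An alias that falls inside the
# primary address's subnet gets netmask 255.255.255.255 (the FreeBSD rule
# for same-subnet aliases); one on another subnet uses its own prefix.
alias_cmd() {
    iface=$1
    primary=${2%/*}; pfx=${2#*/}
    alias_ip=${3%/*}
    case $3 in
        */*) alias_pfx=${3#*/} ;;
        *)   alias_pfx=$pfx ;;
    esac
    mask=$(mask_from_prefix "$pfx")
    if [ $(( $(ip_to_int "$primary") & mask )) -eq $(( $(ip_to_int "$alias_ip") & mask )) ]; then
        nm=255.255.255.255
    else
        nm=$(int_to_ip "$(mask_from_prefix "$alias_pfx")")
    fi
    echo "ifconfig $iface inet $alias_ip netmask $nm alias"
}

# apply_aliases IFACE PRIMARY/PREFIX ALIAS... : print each command, or run
# it when APPLY=1 is set in the environment (requires root on the host).
apply_aliases() {
    iface=$1; primary=$2; shift 2
    for a in "$@"; do
        cmd=$(alias_cmd "$iface" "$primary" "$a")
        if [ "${APPLY:-0}" = "1" ]; then
            eval "$cmd"
        else
            echo "$cmd"
        fi
    done
}

# Constructed sample: em0 is 192.0.2.10/24; add one same-subnet alias and one
# alias on a different /28 network.
apply_aliases em0 192.0.2.10/24 192.0.2.20 198.51.100.5/28
```

Run it as shown to see the commands; set APPLY=1 to execute them. Whatever address the target server is given this way, the bridge will pass frames for it, and the server answers only for addresses it actually holds, which is the behaviour Chuck's reply relies on.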