From owner-freebsd-ipfw Sat Jun 10 10:37:37 2000 Delivered-To: freebsd-ipfw@freebsd.org Received: from post.xecu.net (post.xecu.net [216.127.136.211]) by hub.freebsd.org (Postfix) with ESMTP id BF38B37BD1D for ; Sat, 10 Jun 2000 10:37:34 -0700 (PDT) (envelope-from andy@xecu.net) Received: from shell.xecu.net (shell.xecu.net [216.127.136.216]) by post.xecu.net (Postfix) with ESMTP id 071D14768; Sat, 10 Jun 2000 13:35:29 -0400 (EDT) Received: from localhost (andy@localhost) by shell.xecu.net (8.8.8+Sun/8.8.8) with ESMTP id NAA18115; Sat, 10 Jun 2000 13:37:26 -0400 (EDT) X-Authentication-Warning: shell.xecu.net: andy owned process doing -bs Date: Sat, 10 Jun 2000 13:37:26 -0400 (EDT) From: Andy Dills To: "purpledreams.com system administrator" Cc: cjclark@alum.mit.edu, freebsd-ipfw@FreeBSD.ORG Subject: Re: Hijacking DNS with ipfw In-Reply-To: <001201bfd2fb$971c45e0$a3337218@purpledreams.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-ipfw@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Sat, 10 Jun 2000, purpledreams.com system administrator wrote: > I think that you will still need natd or something similiar, as ipfw > doesn't change the packets, and natd does, exactly as you describe > above. The problem is how to make the redirection occur for _any_ > connection attempt to port 53, instead of merely redirecting port 53 > attempts to known IPs. Well, to provide more input, I did this: I set up apache on this box, running on the standard port 80. I did a: ipfw add 200 fwd 127.0.0.1,80 tcp from any to any 80 recv xl1 And guess what...it worked perfectly. So, I'm growing closer to assuming this is a named issue. I'm considering trying out tinydns from bernstien, to see what happens with that. Andy xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx Andy Dills 301-682-9972 Xecunet, LLC www.xecu.net xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx Dialup * Webhosting * E-Commerce * High-Speed Access To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message