Date: Sat, 10 Jun 2000 12:16:27 -0700
From: "Crist J. Clark" <cjc@earthlink.net>
To: Andy Dills <andy@xecu.net>
Cc: cjclark@alum.mit.edu, "purpledreams.com system administrator" <super@purpledreams.com>, freebsd-ipfw@FreeBSD.ORG
Subject: Re: Hijacking DNS with ipfw
Message-ID: <20000610121626.A1197@dialin-client.earthlink.net>
In-Reply-To: <Pine.GSO.4.21.0006101204000.15576-100000@shell.xecu.net>; from andy@xecu.net on Sat, Jun 10, 2000 at 12:30:23PM -0400
References: <20000610002454.A13393@dialin-client.earthlink.net> <Pine.GSO.4.21.0006101204000.15576-100000@shell.xecu.net>

On Sat, Jun 10, 2000 at 12:30:23PM -0400, Andy Dills wrote:
[snip]
> The problem is, AFAIK nat will not do that under any circumstances. I
> tried this approach already:
>
> (I'm running one instance of natd on 8668 already. According to the manpage
> for natd, -reverse is the closest approximation to what I'm trying to do)
>
> natd -p 8669 -alias_address <primary ip of inside card> -reverse
> ipfw add 10 divert 8669 udp from any to any 53 via xl1
> ipfw add 11 fwd 127.0.0.1,53 udp from <ip from the natd command> to any 53
>
> That's the only way I can think of to do this with nat, and that didn't
> work either.

Shouldn't this be,

  # cat /etc/natd_dns.conf
  # command line for natd getting long
  port 8669
  interface xl1
  reverse
  redirect_address <internal IP> 0.0.0.0

  # natd -f /etc/natd_dns.conf
  # ipfw add 10 divert 8669 udp from any to any 53 via xl1
  # ipfw add 11 divert 8669 tcp from any to any 53 via xl1

--
Crist J. Clark                           cjclark@alum.mit.edu

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message