From: Don Bowman
To: "'freebsd-net@freebsd.org'"
Subject: IPFW question with options and fwd rule
Date: Tue, 26 Nov 2002 11:03:13 -0500

If I create a rule to 'fwd' packets with a particular TCP option set (or IP option) to a specific local port, and then I accept on that port, will subsequent packets without that option work?

i.e., I have this:

    100 fwd localhost,9000 tcp from any to any 1234 tcpoptions ts recv interface

    SYN (TCP option SACK=1), Dest port=5555, Dest ip = random-host
    SYN/ACK
    ACK (no TCP options)

Will the first SYN reach me? (Yes, I think; even though the IP is not mine and the dest port is not me, the ipfw fwd magic takes care.)

Will the ACK from the client reach me? (The dest IP is not me, so will the stack discard, or will the already created PCB take care of this?)

I'd like to carry on a normal TCP conversation, but select the local port that terminates it based on a TCP option. The destination IP will be somewhere else (it's a transparent proxy application).

Thanks in advance.

--don (don@sandvine.com www.sandvine.com)
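
Added example, not part of the original message: the rule quoted above tests fields of each individual segment, so this Python sketch parses the TCP options of two constructed headers (a SYN carrying SACK-permitted and timestamps, and a bare ACK) and applies the same port-plus-option test to each. The helper names, sample packets and the option-name table are assumptions of this sketch; it models only the match, not what the stack does with a forwarded connection.

```python
import struct

# TCP option kinds (IANA); names mirror the ipfw `tcpoptions` keywords.
# Mapping both SACK kinds (4, 5) to "sack" is an assumption of this sketch.
KIND_NAMES = {2: "mss", 3: "window", 4: "sack", 5: "sack", 8: "ts"}

def tcp_options(segment: bytes) -> set:
    """Return the set of option names present in a raw TCP header."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    data_offset = (segment[12] >> 4) * 4
    if data_offset < 20 or data_offset > len(segment):
        raise ValueError("bad data offset")
    opts, i, found = segment[20:data_offset], 0, set()
    while i < len(opts):
        kind = opts[i]
        if kind == 0:        # End of option list
            break
        if kind == 1:        # NOP padding, single byte
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            raise ValueError("malformed option")
        found.add(KIND_NAMES.get(kind, "kind%d" % kind))
        i += opts[i + 1]
    return found

def matches(segment: bytes, dport: int, required: set) -> bool:
    """Stateless per-packet check: destination port and all required options."""
    port = struct.unpack("!H", segment[2:4])[0]
    return port == dport and required <= tcp_options(segment)

def build(dport: int, flags: int, options: bytes = b"") -> bytes:
    """Construct a sample TCP header (checksum left zero)."""
    options += b"\x01" * (-len(options) % 4)  # pad with NOPs to a 32-bit boundary
    offset = (20 + len(options)) // 4
    return struct.pack("!HHIIBBHHH", 40000, dport, 1, 0,
                       offset << 4, flags, 65535, 0, 0) + options

# Constructed samples: SYN with SACK-permitted + timestamps, then a bare ACK.
SYN = build(1234, 0x02, b"\x04\x02" + b"\x08\x0a" + struct.pack("!II", 1, 0))
ACK = build(1234, 0x10)

if __name__ == "__main__":
    for name, seg in (("SYN", SYN), ("ACK", ACK)):
        print(name, sorted(tcp_options(seg)), matches(seg, 1234, {"ts"}))
```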