From owner-freebsd-stable Mon Mar 5 13:52:17 2001 Delivered-To: freebsd-stable@freebsd.org Received: from taltos.taltos.org (64-6-187-7.sfo3.phoenixdsl.net [64.6.187.7]) by hub.freebsd.org (Postfix) with ESMTP id 167EC37B718 for ; Mon, 5 Mar 2001 13:52:16 -0800 (PST) (envelope-from carson@taltos.org) Received: from [10.10.1.2] (athyra.taltos.org [10.10.1.2]) by taltos.taltos.org (Postfix) with ESMTP id 4556F283C9 for ; Mon, 5 Mar 2001 13:52:15 -0800 (PST) Date: Mon, 05 Mar 2001 13:52:16 -0800 From: Carson Gaspar Cc: stable@FreeBSD.ORG Subject: Re: Did ipfw fwd just break? Message-ID: <45411812.983800336@[10.10.1.2]> In-Reply-To: <20010304012338.A52971@pit.databus.com> References: <20010304012338.A52971@pit.databus.com> X-Mailer: Mulberry/2.1.0a2 (Win32) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG --On Sunday, March 04, 2001 1:23 AM -0500 Barney Wolff wrote: > I question whether this complexity is necessary. The effect of the > tranparent proxying could just as well have been achieved by > translating to an alias address that is assigned to the interface, > rather than to localhost, right? Simpler is better, in the kernel. But that means that your proxy has to be bound to the interface address, and something could connect to it directly that didn't get redirected there by ipfw. Localhost is the right thing to do. (Of course, I use ipfilter... ;-) -- Carson To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message