From: Nick Rogness
Date: Sat, 6 Apr 2002 13:57:44 -0600 (CST)
To: "Matthew D. Fuller"
Cc: Alex Rousskov, freebsd-net@FreeBSD.ORG
Subject: Re: Forcing packets to the wire
In-Reply-To: <20020405222555.C65380@over-yonder.net>

On Fri, 5 Apr 2002, Matthew D. Fuller wrote:

> On Fri, Apr 05, 2002 at 06:48:09PM -0600 I heard the voice of
> Nick Rogness, and lo! it spake thus:
> > On Fri, 5 Apr 2002, Alex Rousskov wrote:
> > >
> > > - Is it possible without kernel modifications? How?
> >
> > AFAIK, No. Your only 2 possibilities that I could think of would
> > be to use policy routing or natd. Both will fail in this case.
>
> You MIGHT be able to use ipfw divert/pipe rules to somehow shove the
> packets into a program on their way out, and write a program that
> would use raw sockets to hand-assemble the IP datagram on the way out;
> I'm not sure if the kernel would try to outsmart you on that.

Yeh, I thought of that. The problem is packets never leave anywhere, since the route for the other NIC is not "OUT" any interface...it is the machine itself.

I had a brief thought of using an upstream device that could route the appropriate nat'd addresses to each interface. This would be tricky to do, but maybe something like:

        ===================
        | Upstream device |
        ===================
           |           |
           |           |
          xl0         xl1
        ===================
        |   BSD Machine   |
        ===================

On the BSD machine:

    # ipfw add divert natd ip from any to 2.3.4.5 out via xl0
    # ipfw add divert natd ip from 2.3.4.5 to any in via xl0
    # ipfw add divert natd2 ip from any to 2.3.4.5 in via xl1
    # ipfw add divert natd2 ip from any to 192.168.0.1 out via xl1
    # ipfw add allow ip from any to any

    # route add -host 192.168.0.1 -iface xl1
    # route add -host 2.3.4.5 -iface xl0

    # natd -alias_address 192.168.0.1
    # natd2 -redirect_address $IP_OF_xl1 2.3.4.5 -n xl1

    # route add default $IP_OF_UPSTREAM_DEVICE

Then on the Upstream device:

    # route add -host 2.3.4.5 $IP_OF_xl1
    # route add -host 192.168.0.1 $IP_OF_xl0

That should get the basic functionality, but there is still a tad bit of tweaking to do to get everything working. The basic concept is there, though.

Of course, your IPs on the outside will be different from what they really are, which is not what the original author wanted. So I said it is not a viable solution.

PS. I just randomly chose 192.168.0.1 & 2.3.4.5...you could use anything that is not part of either IP subnet assigned to xl0 & xl1.

Nick Rogness
- Don't mind me...I'm just sniffing your packets