From owner-freebsd-net Sun Jun 7 20:11:09 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id UAA14045 for freebsd-net-outgoing; Sun, 7 Jun 1998 20:11:09 -0700 (PDT) (envelope-from owner-freebsd-net@FreeBSD.ORG) Received: from roma.coe.ufrj.br (jonny@roma.coe.ufrj.br [146.164.53.65]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id UAA13907; Sun, 7 Jun 1998 20:10:34 -0700 (PDT) (envelope-from jonny@jonny.eng.br) Received: (from jonny@localhost) by roma.coe.ufrj.br (8.8.8/8.8.8) id AAA11012; Mon, 8 Jun 1998 00:10:12 -0300 (EST) (envelope-from jonny) From: Joao Carlos Mendes Luis Message-Id: <199806080310.AAA11012@roma.coe.ufrj.br> Subject: Re: Transparent packet diversion: Where is it? In-Reply-To: <35773444.59E2B600@whistle.com> from Julian Elischer at "Jun 4, 98 04:56:52 pm" To: julian@whistle.com (Julian Elischer) Date: Mon, 8 Jun 1998 00:10:11 -0300 (EST) Cc: ghelmer@scl.ameslab.gov, hackers@FreeBSD.ORG, net@FreeBSD.ORG X-Mailer: ELM [version 2.4ME+ PL40 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org #define quoting(Julian Elischer) // > This code mostly adds support to the ipfw interface and code to support // > two things, which are based on the same thing: // > // > * Directing INCOMING traffic that match rules to a LOCAL TCP port. // > This is intended for transparent proxying without external calls // > to a LKM, it also doesn't touch the packet, so getsockname() works // > so there's also no need for a subsequent IOCTL to work out what the // > original destination/port was. // > It's freaky seeing random remote IP's listed as "Local addresses" // > in netstat! BSD-router-speed transparent diversion... :-) // > // > * Modifying the next-hop address of OUTBOUND traffic that matches the // > rule. My intention for this is to direct web traffic from a core // > router to a transparent proxy. David Sharnoff also wanted something // > similar, and the functionality of this thus extends to doing a route // > table lookup on the specified next-hop and using the route to it, // > meaning the next-hop doesn't need to be on a directly reachable // > interface. Remember though, this code only forwards to a directly // > reachable machine! It doesn't deliver it to the specified next-hop! // > TCP port numbers are ignored if this rule comes into affect. Cool !!! When will this be added to the main source tree ? :) Jonny -- Joao Carlos Mendes Luis M.Sc. Student jonny@jonny.eng.br Universidade Federal do Rio de Janeiro To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message