From: Bruce Campbell
To: freebsd-questions@freebsd.org
Date: Mon, 6 Oct 2003 09:10:22 -0400
Subject: ipfw and divert and trying to do something clever
Message-ID: <1065445822.3f8169be80fe3@www.nexusmail.uwaterloo.ca>

I have some machines behind a freebsd firewall, and I'm using ipfw. Presently, I reset attempts to smtp past the firewall:

    reset tcp from [subnet] to any 25

but I'd like to divert them to my own smtp server, so it doesn't matter what the clients try to use.

I thought this would be easy. Maybe it is.

The "fwd" feature doesn't seem to do it, as it just forwards a specific ipaddr[,port] (no subnet/mask).

"divert" looks like the way to do it, and after a few hours of fiddling with a program that opens a divert socket, I can watch all manner of traffic going back and forth, but each time I attempt to send it elsewhere, I get nowhere. I am duly setting both the ip and tcp checksum, before re-injection.

Somebody else must have done this, and/or I must be doing it the wrong way. Any suggestions?

Please e-mail me directly also as I am not on this list. A code snippet using divert would be excellent.

-- 
Bruce Campbell
Engineering Computing
CPH-2374B
University of Waterloo
(519)888-4567 ext 5889
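
Added example, not part of the original message: the rewrite-and-checksum step the message describes, done on the raw bytes of one unfragmented IPv4/TCP packet such as a divert socket hands back. The function names are hypothetical, and len is assumed to be the exact packet length in bytes.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* RFC 1071 ones'-complement sum over a byte range, folded to 16 bits. */
static uint32_t sum16(const uint8_t *p, size_t n, uint32_t acc)
{
    while (n > 1) { acc += (uint32_t)p[0] << 8 | p[1]; p += 2; n -= 2; }
    if (n) acc += (uint32_t)p[0] << 8;            /* odd trailing byte */
    while (acc >> 16) acc = (acc & 0xffff) + (acc >> 16);
    return acc;
}

static void put16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }

/* IPv4 header checksum; yields 0 when the stored checksum is already valid. */
uint16_t ip_check(const uint8_t *pkt)
{
    return (uint16_t)~sum16(pkt, (size_t)(pkt[0] & 0x0f) * 4, 0);
}

/* TCP checksum over pseudo-header + segment; 0 when the stored one is valid. */
uint16_t tcp_check(const uint8_t *pkt, size_t len)
{
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4, tlen = len - ihl;
    uint32_t acc = sum16(pkt + 12, 8, 0);         /* source + destination address */
    acc += 6 + (uint32_t)tlen;                    /* protocol 6 (TCP) + TCP length */
    return (uint16_t)~sum16(pkt + ihl, tlen, acc);
}

/* Rewrite destination address and port, then recompute both checksums.
 * Assumption: len is the exact length of one whole packet.
 * Returns 0 on success, -1 for anything that is not unfragmented IPv4 TCP. */
int redirect_dst(uint8_t *pkt, size_t len, const uint8_t new_ip[4], uint16_t new_port)
{
    if (len < 20 || (pkt[0] >> 4) != 4) return -1;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    if (ihl < 20 || len < ihl + 20 || pkt[9] != 6) return -1;
    if ((pkt[6] & 0x3f) || pkt[7]) return -1;     /* MF flag or fragment offset set */
    memcpy(pkt + 16, new_ip, 4);                  /* IPv4 destination address */
    put16(pkt + ihl + 2, new_port);               /* TCP destination port */
    put16(pkt + 10, 0);                           /* zero before recomputing */
    put16(pkt + 10, ip_check(pkt));
    put16(pkt + ihl + 16, 0);
    put16(pkt + ihl + 16, tcp_check(pkt, len));
    return 0;
}
```

Rewriting only the destination covers one direction: the server's replies carry its own source address, so a complete redirector also has to map the source of return packets back to the address the client originally dialed.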