From owner-freebsd-questions@FreeBSD.ORG  Mon Oct  6 06:10:24 2003
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id E73D816A4B3
	for <freebsd-questions@freebsd.org>;
	Mon,  6 Oct 2003 06:10:24 -0700 (PDT)
Received: from ecserv7.uwaterloo.ca (ecserv7.uwaterloo.ca [129.97.50.127])
	by mx1.FreeBSD.org (Postfix) with ESMTP id CAAD843FA3
	for <freebsd-questions@freebsd.org>;
	Mon,  6 Oct 2003 06:10:23 -0700 (PDT)
	(envelope-from bruce@engmail.uwaterloo.ca)
Received: from ecserv7.uwaterloo.ca (localhost.uwaterloo.ca [127.0.0.1])
	h96DAMjA059267	for <freebsd-questions@freebsd.org>;
	Mon, 6 Oct 2003 09:10:22 -0400 (EDT)
	(envelope-from bruce@engmail.uwaterloo.ca)
Received: (from www@localhost)
	by ecserv7.uwaterloo.ca (8.12.6p2/8.12.6/Submit) id h96DAMEA059266
	for freebsd-questions@freebsd.org;
	Mon, 6 Oct 2003 09:10:22 -0400 (EDT)
	(envelope-from bruce@engmail.uwaterloo.ca)
X-Authentication-Warning: ecserv7.uwaterloo.ca: www set sender to
	bruce@engmail.uwaterloo.ca using -f
Received: from 129.97.50.50 ( [129.97.50.50])HTTP;
	Mon,  6 Oct 2003 09:10:22 -0400
Message-ID: <1065445822.3f8169be80fe3@www.nexusmail.uwaterloo.ca>
Date: Mon,  6 Oct 2003 09:10:22 -0400
From: Bruce Campbell <bruce@engmail.uwaterloo.ca>
To: freebsd-questions@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
User-Agent: Internet Messaging Program (IMP) 3.1 / FreeBSD-4.6.2
X-Originating-IP: 129.97.50.50
Subject: ipfw and divert and trying to do something clever
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Oct 2003 13:10:25 -0000


I have some machines behind a freebsd firewall, and I'm using ipfw.

Presently, I reset attempts to smtp past the firewall:

  reset tcp from [subnet] to any 25

but I'd like to divert them to my own smtp server, so it doesn't
matter what the clients try to use.

I thought this would be easy.  Maybe it is.

The "fwd" feature doesn't seem to do it, as it just forwards a
specific ipaddr[,port] (no subnet/mask)

"divert" looks like the way to do it, and after a few hours of
fiddling with a program that opens a divert socket, I can watch
all manner of traffic going back and forth, but each time
I attempt to send it elsewhere, I get nowhere.  I am duly
setting both the ip and tcp checksum, before re-injection.

Somebody else must have done this, and/or I must be doing it
the wrong way.

Any suggestions ?  Please e-mail me directly also as I am
not on this list.  A code snippet using divert would
be excellent.

-- 
Bruce Campbell
Engineering Computing
CPH-2374B
University of Waterloo
(519)888-4567 ext 5889

----------------------------------------
This mail sent through www.mywaterloo.ca