From owner-freebsd-net@FreeBSD.ORG Fri Jul 22 14:38:05 2005
Date: Fri, 22 Jul 2005 19:02:02 +0400
From: Roman Petrov
To: freebsd-net@freebsd.org
Message-ID: <20050722190201.C58377@pikenet.ru>
Subject: Problem with sending SYN/ACK
List-Id: Networking and TCP/IP with FreeBSD

Hello,

Suppose I have three daemons, which grab all the packets that are forwarded to their addresses via different vlans:

  fwd 10.104.50.2,9998 tcp from any to any dst-port 80 in recv vlan0
  fwd 10.104.50.6,9998 tcp from any to any dst-port 80 in recv vlan1
  fwd 10.104.50.10,9998 tcp from any to any dst-port 80 in recv vlan2

Those daemons then proceed to answer with a static response (well, I mean they actually accept the connection, give the response and close the socket which they've created accepting the connection).

Those daemons run with uids of 20000, 20001 and 20002.

So, I forward the answers to the proper gateway by using ipfw rules:

  fwd 10.104.50.1 tcp from any to any out uid 20000
  fwd 10.104.50.5 tcp from any to any out uid 20001
  fwd 10.104.50.9 tcp from any to any out uid 20002

The problem is that the SYN/ACK packet seems to be sent from another uid, and thus cannot be forwarded to the proper gateway. Is there a way I can force sending SYN/ACK from the uids I need? I don't want to use additional natd's on those gateways, nor do I want to run those daemons on the gateways.

Thank you for reading this.

-- 
Roman Petrov