From owner-freebsd-ipfw Fri Jun 9 18:48:46 2000
Delivered-To: freebsd-ipfw@freebsd.org
Received: from post.xecu.net (post.xecu.net [216.127.136.211]) by hub.freebsd.org (Postfix) with ESMTP id 2495037C5C7 for ; Fri, 9 Jun 2000 18:48:43 -0700 (PDT) (envelope-from andy@xecu.net)
Received: from shell.xecu.net (shell.xecu.net [216.127.136.216]) by post.xecu.net (Postfix) with ESMTP id 99EEA48F1; Fri, 9 Jun 2000 21:44:46 -0400 (EDT)
Received: from localhost (andy@localhost) by shell.xecu.net (8.8.8+Sun/8.8.8) with ESMTP id VAA27699; Fri, 9 Jun 2000 21:46:44 -0400 (EDT)
X-Authentication-Warning: shell.xecu.net: andy owned process doing -bs
Date: Fri, 9 Jun 2000 21:46:44 -0400 (EDT)
From: Andy Dills
To: Cy Schubert - ITSD Open Systems Group
Cc: freebsd-ipfw@FreeBSD.ORG
Subject: Re: Hijacking DNS with ipfw
In-Reply-To: <200006092339.e59Ndgw02026@cwsys.cwsent.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-ipfw@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Fri, 9 Jun 2000, Cy Schubert - ITSD Open Systems Group wrote:

> > I had thought that this rule would cut it:
> >
> > ipfw add 10 fwd 127.0.0.1,53 udp from any to any 53 recv xl1
> >
> > But that just doesn't work. I'm assuming it's because maybe named gets
> > confused because fwd rules preserve the dest IP (as fwd rules are intended
> > to be used in transparent caching).
> >
> > Does anybody have a suggestion on how to approach this?
>
> This just changes the next hop a packet would take to its final
> destination. You'll need to use NAT to do what you want.

That is correct and incorrect. In my experience and according to the man
page, if the "next hop" is an address on the box in question, it is dumped
into the specified port such that the reply packets have a source address
of the dest addr of the original packet. I'm not forwarding the packet to
another host, I'm forwarding it to localhost so that the DNS server can
handle it.

Regarding NAT, I am using NAT. However, I'm not interested in DNS packets
leaving my network, as many customers will have DNS servers in private IP
space. So, while I'm doing NAT for everything else, I need to hijack DNS to
dump it to the local named. I'm positive this is possible, I'm just not
sure how to do it :>

Thanks,
Andy

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Andy Dills 301-682-9972
Xecunet, LLC www.xecu.net
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Dialup * Webhosting * E-Commerce * High-Speed Access

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message
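As an added example (not code from this thread, from Andy, or from the FreeBSD tree), the ruleset below shows the combination the message is after: the fwd rule that hands customer DNS queries to the local named placed ahead of the natd divert rule that handles everything else. The practical gotcha it encodes is rule order: ipfw stops at the first matching terminal action, so if the divert rule came first, natd would rewrite the query before the fwd rule ever saw it. Everything beyond Andy's own rule is an assumption: xl0 as the upstream interface, natd on divert port 8668 (the FreeBSD default), rule numbers 100/200/300, the added `in` keyword (so the rule only matches the inbound pass on xl1), and a kernel built with IPFIREWALL_FORWARD. The caveat in the comments about named needing a wildcard socket follows from the fact Andy cites, that fwd leaves the destination address untouched, and is stated as an assumption.

```shell
#!/bin/sh
# Added example: rc.firewall-style ruleset that hijacks customer DNS to the
# local named while NAT'ing everything else. Not from the original thread.
# Assumptions (not in the message): inside interface xl1, upstream xl0,
# natd on port 8668, kernel built with options IPFIREWALL IPFIREWALL_FORWARD.
fwcmd="${fwcmd:-/sbin/ipfw}"
inside_if="${inside_if:-xl1}"
outside_if="${outside_if:-xl0}"
natd_port="${natd_port:-8668}"

load_rules() {
    ${fwcmd} -f flush
    # Rule 100 must be numbered BELOW the divert rule: ipfw stops at the first
    # matching terminal action, and a query already rewritten by natd would
    # never reach this rule. "in" restricts it to the inbound pass on xl1.
    # Assumption: because fwd does not rewrite the destination address, named
    # must listen on a wildcard socket (listen-on { any; }) to pick these up.
    ${fwcmd} add 100 fwd 127.0.0.1,53 udp from any to any 53 in recv ${inside_if}
    # Everything else from the customers is NAT'd on the upstream interface.
    ${fwcmd} add 200 divert ${natd_port} ip from any to any via ${outside_if}
    ${fwcmd} add 300 allow ip from any to any
}

# Sanity check: read an ipfw listing (or the "add" lines above) on stdin and
# succeed only if the first fwd-to-127.0.0.1,53 rule is numbered below the
# first divert rule. Works on "ipfw list" output (number is field 1) and on
# the "add N ..." form produced by running load_rules with fwcmd=echo.
dns_before_nat() {
    awk '
        /fwd 127\.0\.0\.1,53/ && !f { f = ($0 ~ /^add/) ? $2 : $1 }
        /divert/            && !d { d = ($0 ~ /^add/) ? $2 : $1 }
        END { exit !(f != "" && d != "" && f+0 < d+0) }
    '
}

case "${1:-}" in
    load)  load_rules ;;
    check) ${fwcmd} list | dns_before_nat \
               && echo "ok: DNS fwd rule is numbered below the NAT divert rule" ;;
esac
```

Run with `load` on the gateway to install the rules and `check` afterwards to confirm the ordering survived whatever else is in the ruleset; `ipfw show` should then show rule 100's counters climbing when a customer host queries any resolver address, while rule 200 only counts non-DNS traffic. Setting `fwcmd=echo` prints the rules instead of installing them, which is handy for reviewing the generated set on a machine without ipfw. TCP port 53 (zone transfers, large answers) is not covered here; it would need a second fwd rule with the same number ordering.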