Date: Tue, 21 Jan 1997 23:21:21 +0000 From: Brian Somers <brian@awfulhak.demon.co.uk> To: Archie Cobbs <archie@whistle.com> Cc: hackers@freebsd.org Subject: Re: ipdivert & masqd Message-ID: <199701212321.XAA05471@awfulhak.demon.co.uk> In-Reply-To: Your message of "Mon, 20 Jan 1997 13:29:18 PST." <199701202129.NAA12394@bubba.whistle.com>
next in thread | previous in thread | raw e-mail | index | archive | help
>
> > Well, as a start to "masqd", I've written a filter that doesn nothing. It
> > receives a packet, outputs bits of info, then inserts it back into the IP
> > stream (after fixing the IP checksum if it's an "in" packet).
> >
> > Works fine for tcp connections (telnet at least) & udp (NFS at least), but
> > only half-works for ICMP. It gets the incoming ICMP (ping), fixes the sum
> > and does the sendto(), but never sees the reply. The reply is received by
> > the sender though.....
>
> What do your ipfw rules look like while masqd is running?
>
> -Archie
Not that interesting...
The machines in question are 10.0.1.3 and 10.0.1.254. The 254 machine is
doing the 'divert's.
/sbin/ipfw -f flush
/sbin/ipfw add 100 divert 6668 all from 10.0.1.3 to 10.0.1.254
/sbin/ipfw add 100 divert 6668 all from 10.0.1.254 to 10.0.1.3
/sbin/ipfw add 65000 pass all from any to any
--
Brian <brian@awfulhak.demon.co.uk>, <brian@freebsd.org>
<http://www.awfulhak.demon.co.uk/>;
Don't _EVER_ lose your sense of humour....
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199701212321.XAA05471>