From owner-freebsd-hackers Tue Jan 21 16:53:03 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.4/8.8.4) id QAA27694 for hackers-outgoing; Tue, 21 Jan 1997 16:53:03 -0800 (PST) Received: from mail.crl.com (mail.crl.com [165.113.1.22]) by freefall.freebsd.org (8.8.4/8.8.4) with SMTP id QAA27687 for ; Tue, 21 Jan 1997 16:53:01 -0800 (PST) Received: from awfulhak.demon.co.uk by mail.crl.com with SMTP id AA27417 (5.65c/IDA-1.5 for ); Tue, 21 Jan 1997 16:52:36 -0800 Received: from awfulhak.demon.co.uk (localhost.coverform.lan [127.0.0.1]) by awfulhak.demon.co.uk (8.8.4/8.7.3) with ESMTP id XAA05471; Tue, 21 Jan 1997 23:21:21 GMT Message-Id: <199701212321.XAA05471@awfulhak.demon.co.uk> X-Mailer: exmh version 1.6.9 8/22/96 To: Archie Cobbs Cc: hackers@freebsd.org Subject: Re: ipdivert & masqd In-Reply-To: Your message of "Mon, 20 Jan 1997 13:29:18 PST." <199701202129.NAA12394@bubba.whistle.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Tue, 21 Jan 1997 23:21:21 +0000 From: Brian Somers Sender: owner-hackers@freebsd.org X-Loop: FreeBSD.org Precedence: bulk > > > Well, as a start to "masqd", I've written a filter that doesn nothing. It > > receives a packet, outputs bits of info, then inserts it back into the IP > > stream (after fixing the IP checksum if it's an "in" packet). > > > > Works fine for tcp connections (telnet at least) & udp (NFS at least), but > > only half-works for ICMP. It gets the incoming ICMP (ping), fixes the sum > > and does the sendto(), but never sees the reply. The reply is received by > > the sender though..... > > What do your ipfw rules look like while masqd is running? > > -Archie Not that interesting... The machines in question are 10.0.1.3 and 10.0.1.254. The 254 machine is doing the 'divert's. /sbin/ipfw -f flush /sbin/ipfw add 100 divert 6668 all from 10.0.1.3 to 10.0.1.254 /sbin/ipfw add 100 divert 6668 all from 10.0.1.254 to 10.0.1.3 /sbin/ipfw add 65000 pass all from any to any -- Brian , Don't _EVER_ lose your sense of humour....