From owner-freebsd-hackers  Sat Jul 26 12:26:20 1997
Return-Path: <owner-freebsd-hackers>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id MAA14776
          for hackers-outgoing; Sat, 26 Jul 1997 12:26:20 -0700 (PDT)
Received: from acromail.ml.org (acroal.vip.best.com [206.86.222.181])
          by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id MAA14769
          for <freebsd-hackers@FreeBSD.ORG>; Sat, 26 Jul 1997 12:26:16 -0700 (PDT)
Received: from localhost (kernel@localhost)
	by acromail.ml.org (8.8.6/8.8.5) with SMTP id MAA09834;
	Sat, 26 Jul 1997 12:26:27 -0700 (PDT)
Date: Sat, 26 Jul 1997 12:26:27 -0700 (PDT)
From: FreeBSD Technical Reader <kernel@acromail.ml.org>
To: Dan Janowski <danj@3skel.com>
cc: hackers <freebsd-hackers@FreeBSD.ORG>
Subject: Re: ipfw divert, transparent proxy
In-Reply-To: <33D6E265.46DEFC7@3skel.com>
Message-ID: <Pine.BSF.3.96.970726122524.9794A-100000@acromail.ml.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-hackers@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk


natd is the tool you are looking for -- unfortunately I was running it on
my machine and it would cause a reboot every 10 to 15 minutes.

On Thu, 24 Jul 1997, Dan Janowski wrote:

> I am replacing an old TIS firewall that has one very
> interesting feature that I am looking to provide with my
> FreeBSD 2.2.2 box. It is this:
> 
> They use ipfs which has the capability of "transparently" doing
> packet re-rerouting and, thereby, proxy transparently.
> 
> (This is my understanding from looking at the config for
> about five minutes)
> 
> With the TIS firewall set as a client's default router,
> this "transparent" mechanism will take a packet that is
> destined for x.x.x.x:port, where x.x.x.x is an exterior
> Internet address, and essentially drop the IP address and
> deliver the packet to the local "port". 
> 
> This has some limited usefulness. Some services, like whois,
> that always go to the InterNIC can be automatically proxied.
> In this particular case, AOL (yuck) is the problem. There is no
> proxying for AOL's client, but this transparent mechanism works
> very well.
> 
> How can I do this? I know that the current ipfw supports divert
> sockets, but I don't see any references to a general purpose
> proxy (like plug-gw) that supports diverts. Delegate does application
> proxy, but I don't see divert support there.
> 
> Any hints?
> 
> Thanks,
> 
> Dan
> 
> -- 
> danj@3skel.com
> Dan Janowski
> Triskelion Systems, Inc.
> Bronx, NY
>