From owner-freebsd-hackers  Sat Jul 26 12:48:59 1997
Return-Path: <owner-freebsd-hackers>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id MAA16464
          for hackers-outgoing; Sat, 26 Jul 1997 12:48:59 -0700 (PDT)
Received: from becker1.u.washington.edu (spaz@becker1.u.washington.edu [140.142.12.67])
          by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id MAA16455
          for <freebsd-hackers@FreeBSD.ORG>; Sat, 26 Jul 1997 12:48:56 -0700 (PDT)
Received: from localhost (spaz@localhost)
          by becker1.u.washington.edu (8.8.4+UW97.07/8.8.4+UW97.05) with SMTP
	  id MAA27138; Sat, 26 Jul 1997 12:48:39 -0700 (PDT)
Date: Sat, 26 Jul 1997 12:48:39 -0700 (PDT)
From: "J. Utz" <spaz@u.washington.edu>
To: FreeBSD Technical Reader <kernel@acromail.ml.org>
cc: Dan Janowski <danj@3skel.com>, hackers <freebsd-hackers@FreeBSD.ORG>
Subject: Re: ipfw divert, transparent proxy
In-Reply-To: <Pine.BSF.3.96.970726122524.9794A-100000@acromail.ml.org>
Message-ID: <Pine.OSF.3.96.970726124653.26325B-100000@becker1.u.washington.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-hackers@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

hi

And the reason u cant use ppp -alias is that this is not a phone line
connection... right?

john

On Sat, 26 Jul 1997, FreeBSD Technical Reader wrote:

> 
> natd is the tool you are looking for -- unfortunately I was running it on
> my machine and it would cause a reboot every 10 to 15 minutes.
> 
> On Thu, 24 Jul 1997, Dan Janowski wrote:
> 
> > I am replacing an old TIS firewall that has one very
> > interesting feature that I am looking to provide with my
> > FreeBSD 2.2.2 box. It is this:
> > 
> > They use ipfs which has the capability of "transparently" doing
> > packet re-rerouting and, thereby, proxy transparently.
> > 
> > (This is my understanding from looking at the config for
> > about five minutes)
> > 
> > With the TIS firewall set as a client's default router,
> > this "transparent" mechanism will take a packet that is
> > destined for x.x.x.x:port, where x.x.x.x is an exterior
> > Internet address, and essentially drop the IP address and
> > deliver the packet to the local "port". 
> > 
> > This has some limited usefulness. Some services, like whois,
> > that always go to the InterNIC can be automatically proxied.
> > In this particular case, AOL (yuck) is the problem. There is no
> > proxying for AOL's client, but this transparent mechanism works
> > very well.
> > 
> > How can I do this? I know that the current ipfw supports divert
> > sockets, but I don't see any references to a general purpose
> > proxy (like plug-gw) that supports diverts. Delegate does application
> > proxy, but I don't see divert support there.
> > 
> > Any hints?
> > 
> > Thanks,
> > 
> > Dan
> > 
> > -- 
> > danj@3skel.com
> > Dan Janowski
> > Triskelion Systems, Inc.
> > Bronx, NY
> > 
> 
> 

*******************************************************************************
 John Utz	spaz@u.washington.edu
	idiocy is the impulse function in the convolution of life