Date: Thu, 11 Jun 1998 10:51:49 -0700
From: Julian Elischer <julian@whistle.com>
To: Brandon Lockhart <brandon@engulf.net>
Cc: current@FreeBSD.ORG
Subject: Re: Annnonce: Transparent proxy patches
Message-ID: <35801935.2781E494@whistle.com>
References: <Pine.BSF.3.96.980610075944.27256B-100000@engulf.net>

Brandon Lockhart wrote:
>
> :> ipfw add 2 fwd localhost,25 tcp from any to any 23 in recv ed0
>
> Alright, it took me a while, but I just figured out the format.  Kind of
> confusing.  (I was thinking you were forwarding it outside the network, that
> screwed my thinking up, then I would just recommend "datapipe".)
>
> :> #gobble
> :> ipfw add 2 fwd localhost tcp from any to any 80 in
> :>
> :> I believe Linux has had this for a short while..
>
> Julian, you completely lost me here.  Is this to forward any incoming tcp
> connection to port 80 (http)?  If not, please explain what it would do.
> Also, can you give me a scenario where that would be useful?  I can
> understand some of it being used, for example
>
> ipfw add 1 allow tcp from any to any 23 in
> ipfw add 2 fwd localhost tcp from any to any 80 in

What this does is take a session passing through this machine
and connect it to a local connection.
The original session creator thinks it's connected to the machine
they requested, not knowing that it has been intercepted.
The intercepting socket even thinks it's on the target machine :-)
If the intercepting socket does a getsockname() it will
be told the name and port of the original request.

A second thing it can do is over-ride the next-hop route for
a particular session.
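
The getsockname() behaviour described in the message above, as an added example that is not part of the original e-mail or of the FreeBSD patches: a listener that records, for each accepted connection, the destination the client actually requested, so intercepted sessions show up in the proxy's audit log. The function names, the local_addrs set and the 192.0.2.10 sample address are assumptions made for illustration.

```python
import socket

def original_destination(conn):
    """Local address of an accepted socket. Under an ipfw 'fwd' rule this is
    the address and port the client originally asked for (per the message)."""
    host, port = conn.getsockname()[:2]
    return host, port

def is_redirected(dest, listen_port, local_addrs):
    """True when the requested destination is not this listener itself."""
    host, port = dest
    return port != listen_port or host not in local_addrs

def accept_and_record(listener, local_addrs):
    """Accept one connection and return an audit record for it."""
    conn, peer = listener.accept()
    with conn:
        dest = original_destination(conn)
        listen_port = listener.getsockname()[1]
        return {
            "client": peer[:2],
            "requested": dest,
            "redirected": is_redirected(dest, listen_port, local_addrs),
        }

def loopback_demo():
    """Constructed offline check: a direct connection over 127.0.0.1,
    with no firewall rule involved, so nothing is redirected."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as listener:
        listener.bind(("127.0.0.1", 0))   # port 0: kernel picks a free port
        listener.listen(1)
        with socket.create_connection(listener.getsockname()) as client:
            record = accept_and_record(listener, {"127.0.0.1"})
            return record, listener.getsockname(), client.getsockname()

if __name__ == "__main__":
    print(loopback_demo()[0])
    # Constructed sample: a session for 192.0.2.10:23 handed to a listener on 25
    print(is_redirected(("192.0.2.10", 23), 25, {"127.0.0.1"}))
```

On a machine with a fwd rule in place, the "requested" field carries the address and port of the original request rather than the listener's own, which is what the proxy needs both to reach the real server and to log what was intercepted.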