Message-ID: <35801935.2781E494@whistle.com>
Date: Thu, 11 Jun 1998 10:51:49 -0700
From: Julian Elischer
Organization: Whistle Communications
To: Brandon Lockhart
CC: current@FreeBSD.ORG
Subject: Re: Annnonce: Transparent proxy patches

Brandon Lockhart wrote:
>
> :> ipfw add 2 fwd localhost,25 tcp from any to any 23 in recv ed0
>
> Alright, it took me a while, but I just figured out the format.  Kind of
> confusing.  (I was thinking you were forwarding it outside the network, that
> screwed my thinking up, then I would just recommend "datapipe".)
>
> :> #gobble
> :> ipfw add 2 fwd localhost tcp from any to any 80 in
> :>
> :> I believe Linux has had this for a short while..
>
> Julian, you completely lost me here.  Is this to forward any incoming tcp
> connection to port 80 (http)?  If not, please explain what it would do.
> Also, can you give me a scenario where that would be useful?  I can
> understand some of it being used, for example
>
> ipfw add 1 allow tcp from any to any 23 in
> ipfw add 2 fwd localhost tcp from any to any 80 in

What this does is take a session passing through this machine and
connect it to a local connection. The original session creator thinks
it's connected to the machine they requested, not knowing that it has
been intercepted. The intercepting socket even thinks it's on the
target machine :-) If the intercepting socket does a getsockname() it
will be told the name and port of the original request.

A second thing it can do is override the next-hop route for a
particular session.
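
An added example, not code from the message above or from the patches it announces: how a listening service can use getsockname() on an accepted socket to recover the destination the client originally asked for, and to tell whether the connection reached it through a fwd rule (useful for logging the real destination or noticing unexpected diversion). The helper names original_dst, was_redirected and direct_connect_check are made up for illustration, and the loopback check uses a constructed direct connection with no fwd rule installed.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Local name of an accepted socket. For a connection diverted by a "fwd"
 * rule this is the address and port the client originally asked for. */
int original_dst(int fd, struct sockaddr_in *out)
{
    socklen_t len = sizeof(*out);
    memset(out, 0, sizeof(*out));
    if (getsockname(fd, (struct sockaddr *)out, &len) < 0) return -1;
    return out->sin_family == AF_INET ? 0 : -1;
}

/* 1 if the requested destination is not the address we listen on, i.e. the
 * connection was diverted to us. lsn must be a specific (non-wildcard) bind. */
int was_redirected(const struct sockaddr_in *dst, const struct sockaddr_in *lsn)
{
    return dst->sin_port != lsn->sin_port ||
           dst->sin_addr.s_addr != lsn->sin_addr.s_addr;
}

/* Constructed check: direct loopback connect, no fwd rule. 0/1, -1 on error. */
int direct_connect_check(void)
{
    struct sockaddr_in lsn = {0}, dst;
    socklen_t len = sizeof(lsn);
    int r = -1, c = -1, a = -1, s = socket(AF_INET, SOCK_STREAM, 0);
    lsn.sin_family = AF_INET;
    lsn.sin_addr.s_addr = htonl(INADDR_LOOPBACK); /* port 0: kernel picks */
    if (s >= 0 && bind(s, (struct sockaddr *)&lsn, sizeof(lsn)) == 0 &&
        listen(s, 1) == 0 && getsockname(s, (struct sockaddr *)&lsn, &len) == 0 &&
        (c = socket(AF_INET, SOCK_STREAM, 0)) >= 0 &&
        connect(c, (struct sockaddr *)&lsn, sizeof(lsn)) == 0 &&
        (a = accept(s, NULL, NULL)) >= 0 && original_dst(a, &dst) == 0)
        r = was_redirected(&dst, &lsn);
    if (a >= 0) close(a);
    if (c >= 0) close(c);
    if (s >= 0) close(s);
    return r;
}

int main(void)
{
    printf("direct loopback connection redirected: %d\n", direct_connect_check());
    return 0;
}
```

On a machine with one of the quoted fwd rules in place, a diverted connection would be classified as redirected because the name reported for the accepted socket is the client's requested destination rather than the listener's own address.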