Date:      Mon, 07 Jan 2008 23:05:16 +0100
From:      Andre Oppermann <andre@freebsd.org>
To:        Adrian Chadd <adrian@FreeBSD.org>
Cc:        Perforce Change Reviews <perforce@freebsd.org>
Subject:   Re: PERFORCE change 132710 for review
Message-ID:  <4782A21C.2060504@freebsd.org>
In-Reply-To: <200801071418.m07EIwNn036146@repoman.freebsd.org>
References:  <200801071418.m07EIwNn036146@repoman.freebsd.org>

Adrian Chadd wrote:
> http://perforce.freebsd.org/chv.cgi?CH=132710
> 
> Change 132710 by adrian@wendy on 2008/01/07 14:18:50
> 
> 	Bring over more of Julian's initial work.
> 
> Affected files ...
> 
> .. //depot/projects/adrian_spoof_clientip/src/share/man/man4/ip.4#2 edit
> 
> Differences ...
> 
> ==== //depot/projects/adrian_spoof_clientip/src/share/man/man4/ip.4#2 (text+ko) ====
> 
> @@ -292,6 +292,29 @@
>  cmsg_type = IP_RECVIF
>  .Ed
>  .Pp
> +If the
> +.Dv IP_NONLOCALOK
> +options is set then the checking of local bind addresses against addresses
> +assigned to local interfaces is disabled.
> +The kernel must have been compiled with the
> +.Dv IP_NONLOCALBIND option, and the sysctl
> +.Va net.inet.ip.nonlocalok
> +should be set to 1.
> +The option needs to be set on the socket before the
> +.Xr bind 2
> +system call is used on it.
> +.Bd -literal
> +u_char spoofing = 1;   /* 0 = disable (default), 1 = enable */
> +
> +setsockopt(s, IPPROTO_IP, IP_NONLOCALOK, &spoofing, sizeof(spoofing));
> +ret = bind (...);
> +.Ed
> +.Pp
> +This behaviour is not for general use and is
> +included for use in servers that are implementing fully
> +transparent proxies. Use of this option on general purpose
> +systems is strongly discouraged.
> +.Pp
>  .Dv IP_PORTRANGE
>  may be used to set the port range used for selecting a local port number
>  on a socket with an unspecified (zero) port number.
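
Review bot: The new IP_NONLOCALOK paragraph says the sysctl net.inet.ip.nonlocalok "should be set to 1", which leaves it unclear whether the option works without it. If the setsockopt or the bind fails when the sysctl is 0 or the kernel lacks IP_NONLOCALBIND, say "must" and name the error returned. Because the option disables the check of bind addresses against local interfaces, the text should also state what privilege, if any, is required to set it. Markup: `.Dv IP_NONLOCALBIND option, and the sysctl` passes the trailing prose to .Dv as arguments, so end the macro line after IP_NONLOCALBIND and move "option, and the sysctl" to its own line. "options is set" should read "option is set". In the literal block the setsockopt return value is ignored and `bind (...)` has a space before the parenthesis, unlike the setsockopt call above it.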

Reinventing the wheel?  Have a look at IPFIREWALL_FORWARD
which supports transparent proxying as well.

-- 
Andre


