From: Charles Swiger
Date: Mon, 21 Jun 2004 17:01:35 -0400
To: matt@example.com
cc: freebsd questions
Subject: Re: Redirection with a bridge ?

On Jun 21, 2004, at 4:48 PM, matt@example.com wrote:
> Is it possible to redirect packets that are being passed through a
> bridge based on their protocol/port, so that if an HTTP packet (port 80)
> goes through the bridge, no matter what its destination is, it will be
> redirected to IP address 4.3.2.1.

Yes. In order to redirect packets to a different IP address, you have to rewrite those packets, which is what natd or ipnat do, working at layer 3.

> That's what I'm trying to solve. I know that you can do the above
> successfully if you are using a NAT (ipnat) or if you are doing routing
> (IPFW's forward command), but is it possible to do it with a bridge?

Bridging works at layer-2. Without using NAT, bridging alone will forward the traffic but not change the destination IP to 4.3.2.1.

Note that the IPFW forward command redirects traffic via a specific outbound interface; it does not perform layer-3 routing (i.e., your traditional IP stuff using netmasks, gateways, and the local routing table that most people mean by the word "routing").

-- 
-Chuck
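
The distinction drawn in the message above, as an added example that is not part of the original post: forwarding at layer 2 leaves the IP packet untouched, while redirecting port-80 traffic to 4.3.2.1 means rewriting the destination address and recomputing the IP and TCP checksums. The function names and the sample packet layout are constructed for illustration and are not natd or ipnat code.

```python
import socket
import struct

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum (one's-complement sum of 16-bit words)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def tcp_checksum(src: bytes, dst: bytes, segment: bytes) -> int:
    # The TCP checksum covers a pseudo-header that includes both IP addresses.
    pseudo = src + dst + struct.pack("!BBH", 0, socket.IPPROTO_TCP, len(segment))
    return checksum(pseudo + segment)

def build_packet(src_ip: str, dst_ip: str, sport: int, dport: int, payload: bytes) -> bytes:
    """Constructed sample: minimal IPv4 + TCP packet with valid checksums."""
    src, dst = socket.inet_aton(src_ip), socket.inet_aton(dst_ip)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x18, 8192, 0, 0) + payload
    tcp = tcp[:16] + struct.pack("!H", tcp_checksum(src, dst, tcp)) + tcp[18:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, socket.IPPROTO_TCP, 0, src, dst)
    return ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:] + tcp

def bridge_forward(packet: bytes) -> bytes:
    # Layer 2: the frame's IP payload is passed along untouched.
    return packet

def nat_redirect(packet: bytes, new_dst_ip: str, port: int = 80) -> bytes:
    """Layer 3 rewrite: point TCP packets destined for `port` at new_dst_ip."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != socket.IPPROTO_TCP:
        return packet
    dport = struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
    if dport != port:
        return packet
    src, new_dst = packet[12:16], socket.inet_aton(new_dst_ip)
    ip = packet[:10] + b"\x00\x00" + src + new_dst + packet[20:ihl]
    ip = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:]
    tcp = packet[ihl:ihl + 16] + b"\x00\x00" + packet[ihl + 18:]
    tcp = tcp[:16] + struct.pack("!H", tcp_checksum(src, new_dst, tcp)) + tcp[18:]
    return ip + tcp

def checksums_valid(packet: bytes) -> bool:
    ihl = (packet[0] & 0x0F) * 4
    return checksum(packet[:ihl]) == 0 and tcp_checksum(packet[12:16], packet[16:20], packet[ihl:]) == 0
```

Overwriting only the four destination bytes, without the checksum updates, produces a packet that `checksums_valid` rejects.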