From owner-p4-projects@FreeBSD.ORG Tue Jan 8 02:36:39 2008 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 688FB16A419; Tue, 8 Jan 2008 02:36:39 +0000 (UTC) Delivered-To: perforce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 2D7B916A41A for ; Tue, 8 Jan 2008 02:36:39 +0000 (UTC) (envelope-from adrian.chadd@gmail.com) Received: from nz-out-0506.google.com (nz-out-0506.google.com [64.233.162.237]) by mx1.freebsd.org (Postfix) with ESMTP id D99D013C458 for ; Tue, 8 Jan 2008 02:36:38 +0000 (UTC) (envelope-from adrian.chadd@gmail.com) Received: by nz-out-0506.google.com with SMTP id l8so1679764nzf.13 for ; Mon, 07 Jan 2008 18:36:38 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:sender:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth; bh=VP+9pwFBzMmdrypLaUGj5xBuYFwq1zvPZm1XbvD15og=; b=kBhcAT61dggFILRM67lXuf879pQNxU6NzPq0i0znsJkB/ywpF7soWp6Mc6b5o4J6qWXnSmluAbqUOCUFGrKDbRReDX0EiQnXIr9PsKfl4wwKLtDQJZ0TzGaZYe1SSP805RuykGJdcKukyZiENHAjBEII8H393PdXeuSHOHA5w7U= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:sender:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth; b=fXmr6ikBR2sjpEvqoUGeVwXyYKoyeI8RexZmVj9UBSm2vM0Vt8EH1cTn3/jtV+QsqDlVi2vTSQ7qPQ0vDUsNTJeXSG6wUNUaywcXib7toEZSMPnc012ikd8WGfM42rgGB5E8HYL1UiBcKSaTZlNBFCHSyWKQqW721rHXrJs/4Kg= Received: by 10.142.103.6 with SMTP id a6mr19105wfc.21.1199758224995; Mon, 07 Jan 2008 18:10:24 -0800 (PST) Received: by 10.143.155.13 with HTTP; Mon, 7 Jan 2008 18:10:24 -0800 (PST) Message-ID: Date: Tue, 8 Jan 2008 11:10:24 +0900 From: "Adrian Chadd" Sender: adrian.chadd@gmail.com To: "Andre Oppermann" In-Reply-To: <4782A21C.2060504@freebsd.org> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <200801071418.m07EIwNn036146@repoman.freebsd.org> <4782A21C.2060504@freebsd.org> X-Google-Sender-Auth: 01d84833b19dec1f Cc: Perforce Change Reviews Subject: Re: PERFORCE change 132710 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 Jan 2008 02:36:39 -0000 On 08/01/2008, Andre Oppermann wrote: > Reinventing the wheel? Have a look at IPFIREWALL_FORWARD > which supports transparent proxying as well. Yes, but redirects it to a local listen() socket, effectively spoofing the destination IP. The client (ie, the computer making the connect()) thinks its talking to the original destination. This is meant to implement the other end - spoofing the local IP on sockets that you connect() to, spoofing the local IP and not the destination IP. This is intended to let a FreeBSD box (with relevant symmetrical routing) pretend to be a client on a connect() to a remote server. If this can be done within pf/ipfw right now then please let me know. :) adrian -- Adrian Chadd - adrian@freebsd.org