Date:      Mon, 3 Apr 2000 23:16:33 +0200 (SAST)
From:      <lists@security.za.net>
To:        freebsd-hackers@freebsd.org
Subject:   IPFW Tee Bug?
Message-ID:  <Pine.BSF.4.10.10004032308340.98074-100000@security.za.net>

Hi all, got a bit of a strange situation here, hoping someone can help me
out.

I have the following setup...

an internal network with an address range of 209.212.100.192/27 (real ips)
a gatewaying freebsd box with an address of 209.212.100.193 internally
external address of gateway freebsd box is 10.10.9.2

a pix firewall connected to the freebsd box with an internal address of
10.10.9.1 

both the 10.10.9 addresses are in a .252 subnet (/30)

the pix then has an external address of 10.10.80.2
connected to a router with an internal address of 10.10.80.1

the router then has real IPs on its external interface

I'm also running NAT on the gateway box translating everything to the
209.212.100.193 address.

This all works fine, and traffic reaches the 209.212.100.192/27 subnet
just fine in and out etc etc, and all seems perfect, providing I have an
ipfw ruleset that looks something like this:

00001 divert 8668 ip from any to any via any
65535 allow ip from any to any

The moment I do this however...

00001 divert 8668 ip from any to any via any
00002 tee 2010 tcp from any 80 to any via any
00003 tee 2010 tcp from any to any 80 via any
65535 allow ip from any to any

Something breaks.  When I do that, suddenly everything behind the gateway
server sees the webserver on the gateway server as whatever it's browsing:
no matter what I browse, when I have those ipfw tee commands in place it
ALWAYS returns the data on the webserver on the gateway machine.

Now to my knowledge ipfw tee just copied stuff to a raw socket, and didn't
actually "divert" anything, so this makes no sense.

Any help would be much appreciated

Thanks

Andrew Alston
Citec Network Securities (Director)
Phone: +27 (0)11 787 4241
Fax: +27 (0)11 787 4251
Email: andrew@cnsec.co.za
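A small observer for the tee port in the ruleset above, added here as an example and not part of the original post or of ipfw itself. It binds a FreeBSD divert socket to the port named in the tee rules, reads the copies it receives, and counts those that a "tcp from any 80 to any" or "tcp from any to any 80" rule would have matched, so you can check what actually reaches port 2010; the two sample packets are constructed, and the fallback value of IPPROTO_DIVERT is an assumption so the file also compiles on non-BSD systems.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#ifndef IPPROTO_DIVERT
#define IPPROTO_DIVERT 258 /* FreeBSD's value; assumed so this also compiles elsewhere */
#endif

/* 1 if a raw IPv4 packet matches rules 00002/00003 above: TCP with source
 * or destination port 80. Ports are read from raw bytes, no BSD structs needed. */
int matches_tee_rules(const unsigned char *pkt, size_t len)
{
    if (len < 20 || (pkt[0] >> 4) != 4) return 0;            /* not IPv4 */
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;                  /* IP header length */
    if (ihl < 20 || len < ihl + 4 || pkt[9] != 6) return 0;   /* short or not TCP */
    unsigned sport = (pkt[ihl] << 8) | pkt[ihl + 1];
    unsigned dport = (pkt[ihl + 2] << 8) | pkt[ihl + 3];
    return sport == 80 || dport == 80;
}

/* Constructed samples: 20-byte IPv4 header followed by a 20-byte TCP header. */
const unsigned char sample_http_reply[40] = { /* TCP 209.212.100.193:80 -> 10.10.9.1:1025 */
    0x45,0,0,40, 0,1,0x40,0, 64,6,0,0, 209,212,100,193, 10,10,9,1,
    0,80, 4,1, 0,0,0,1, 0,0,0,1, 0x50,0x18, 0xff,0xff, 0,0, 0,0 };
const unsigned char sample_ssh[40] = {        /* TCP 10.10.9.1:1026 -> 209.212.100.193:22 */
    0x45,0,0,40, 0,2,0x40,0, 64,6,0,0, 10,10,9,1, 209,212,100,193,
    4,2, 0,22, 0,0,0,1, 0,0,0,1, 0x50,0x18, 0xff,0xff, 0,0, 0,0 };

/* Bind a divert socket to `port`, read up to max_packets, return how many
 * matched (-1 on socket error; needs root on FreeBSD). A tee delivers copies,
 * so nothing is written back; a reader behind a divert rule would instead
 * have to sendto() each packet to the address recvfrom() reported to reinject it. */
int watch_tee_port(unsigned short port, int max_packets)
{
    int fd = socket(PF_INET, SOCK_RAW, IPPROTO_DIVERT);
    if (fd < 0) return -1;
    struct sockaddr_in sin;
    memset(&sin, 0, sizeof sin);
    sin.sin_family = AF_INET; sin.sin_port = htons(port);
    if (bind(fd, (struct sockaddr *)&sin, sizeof sin) < 0) { close(fd); return -1; }
    unsigned char buf[65535];
    int seen = 0, matched = 0;
    while (seen < max_packets) {
        ssize_t n = recvfrom(fd, buf, sizeof buf, 0, NULL, NULL);
        if (n < 0) break;
        if (matches_tee_rules(buf, (size_t)n)) matched++;
        seen++;
    }
    close(fd);
    return matched;
}
```

Run it as root on the gateway with `watch_tee_port(2010, N)` while browsing from an internal host; if the count stays at zero the copies are not arriving on the tee port, and if it climbs the rules are matching and the problem lies elsewhere in the path.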