From: Antony T Curtis
To: Antal Rutz
cc: current@freebsd.org
Subject: Re: Transparent proxy feature?
Date: Sat, 12 Mar 2005 12:22:09 +0000

On Fri, 2005-03-11 at 14:44 -0800, Julian Elischer wrote:
> responding to myself to add more..
>
> Julian Elischer wrote:
> > Antal Rutz wrote:
> >
> >> Hi,
> >>
> >> Nowadays I have to use a special firewall software ('zorp') but
> >> unfortunately it only runs on Linux. The reason is that only Linux
> >> has the feature (transparent proxying) to listen on/send packets
> >> (sourcing) from other IP addresses than the machine has.
> >> (maybe with an extra kmod)
>
> The proxy software need only do a getsockname() to get the sockaddr to use
> for the forward connection.
>
> The ipfw rules need to be set so that the outgoing forward connection by
> the proxy is not also captured :-)

Isn't the following option also required?

    option IPFIREWALL_FORWARD

-- 
Antony T Curtis, BSc.            UNIX, Linux, *BSD, Networking
antony.t.curtis@ntlworld.com     C++, J2EE, Perl, MySQL, Apache
IT Consultancy.
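
Added example, not part of the original message and not code from any project named in the thread: a C sketch of the getsockname() step Julian Elischer describes, where the proxy asks the accepted socket which address the client was trying to reach (the behaviour under an ipfw forwarding rule, the kind IPFIREWALL_FORWARD enables, is taken from the thread). `original_destination` and `loopback_demo` are hypothetical names, and the demo uses only a constructed loopback connection with no firewall rule.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* getsockname() on the ACCEPTED socket gives that connection's local address;
 * per the thread, after an ipfw redirect that is the client's target. IPv4 only. */
int original_destination(int conn_fd, char *ip, socklen_t iplen, in_port_t *port)
{
    struct sockaddr_storage ss;
    struct sockaddr_in *in4 = (struct sockaddr_in *)&ss;
    socklen_t len = sizeof(ss);
    if (getsockname(conn_fd, (struct sockaddr *)&ss, &len) == -1 ||
        ss.ss_family != AF_INET)
        return -1;
    *port = ntohs(in4->sin_port);
    return inet_ntop(AF_INET, &in4->sin_addr, ip, iplen) ? 0 : -1;
}

/* Constructed loopback exercise, no firewall rule: connect to our own listener. */
int loopback_demo(char *ip, socklen_t iplen, in_port_t *lport, in_port_t *seen)
{
    struct sockaddr_in sa = { .sin_family = AF_INET };  /* port 0: kernel picks */
    socklen_t len = sizeof(sa);
    int lfd = socket(AF_INET, SOCK_STREAM, 0);
    int cfd = socket(AF_INET, SOCK_STREAM, 0), afd = -1, rc = -1;
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (lfd != -1 && cfd != -1 &&
        bind(lfd, (struct sockaddr *)&sa, sizeof(sa)) == 0 && listen(lfd, 1) == 0 &&
        getsockname(lfd, (struct sockaddr *)&sa, &len) == 0 &&
        connect(cfd, (struct sockaddr *)&sa, sizeof(sa)) == 0 &&
        (afd = accept(lfd, NULL, NULL)) != -1) {
        *lport = ntohs(sa.sin_port);
        rc = original_destination(afd, ip, iplen, seen);
    }
    if (afd != -1) close(afd);
    if (cfd != -1) close(cfd);
    if (lfd != -1) close(lfd);
    return rc;
}

int main(void)
{
    char ip[INET_ADDRSTRLEN];
    in_port_t lp = 0, sp = 0;
    if (loopback_demo(ip, sizeof(ip), &lp, &sp) == 0)
        printf("accepted connection was addressed to %s:%u\n", ip, (unsigned)sp);
    return 0;
}
```

The query must be made on the descriptor returned by accept(), not on the listening socket, because only the accepted socket is bound to the address of that one connection.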