From owner-freebsd-net Thu Feb 3 2: 0:46 2000
Delivered-To: freebsd-net@freebsd.org
Received: from vidle.i.cz (vidle.i.cz [193.179.36.138])
    by builder.freebsd.org (Postfix) with ESMTP id 33C5642CF
    for ; Thu, 3 Feb 2000 02:00:42 -0800 (PST)
Received: from ns.i.cz (brana.i.cz [193.179.36.134])
    by vidle.i.cz (Postfix) with ESMTP id 1F6063072C
    for ; Thu, 3 Feb 2000 11:00:48 +0100 (CET)
Received: from woody.i.cz (woody.i.cz [192.168.18.29])
    by ns.i.cz (Postfix) with ESMTP id 232BB36415
    for ; Thu, 3 Feb 2000 11:00:47 +0100 (CET)
Content-Length: 1695
Message-ID:
X-Mailer: XFMail 1.3 [p0] on FreeBSD
X-Priority: 3 (Normal)
Content-Type: text/plain; charset=iso-8859-2
Content-Transfer-Encoding: 8bit
MIME-Version: 1.0
In-Reply-To:
Date: Thu, 03 Feb 2000 11:00:47 +0100 (MET)
Reply-To: mm@i.cz
From: Martin Machacek
To: freebsd-net@freebsd.org
Subject: Re: Can 3.4-S cope with packets not addressed to it?
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On 03-Feb-00 Mark Powell wrote:
> Hmmm. Hadn't thought of that. Now how many web servers are there in the
> world. Could you provide a list and I'll start setting the aliases up.
> Seriously, is there any way to get FreeBSD to accept any IP packets?

You cannot use an alias address on any of your interfaces since you won't be
able to reach the real server to fetch the content into your cache. However,
you can use the ipfw fwd ... rule to feed the request to your cache (squid?)
no matter what IP address is in the packet header. The cache can then use the
getsockname call to find out the "real" address and fetch the content from
the real server. If you're using some recent version of squid it should work
out of the box (just add the ipfw fwd rules).

In order to redirect all HTTP requests to the cache you should add something
like this:

    ipfw add 1000 fwd 127.0.0.1,3128 tcp from to any 80 in via

assuming your web cache listens on 127.0.0.1 port 3128. You should substitute
addresses of your clients for (e.g. 10.0.0.0/8) and name of your ethernet
interface for (e.g. fxp0). It is critical that you put the "in" keyword in
the rule in order to avoid loops triggered by your cache trying to fetch the
content from the real server. See man 8 ipfw for more.

If you're using squid as the cache you could eventually use WCCP to redirect
HTTP requests to it. Recent versions of squid support it out of the box; you
only have to configure the address of your "home router". However, your
router has to support WCCP. All Ciscos (with IOS 11.2 and higher) do. Don't
know about 3Com. WCCP is a Cisco invention :-).

Martin

---
[PGP KeyID F3F409C4]

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message
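
The getsockname step described in the message, as an added example that is not part of the original post and is not squid's code: on a connection accepted after an ipfw fwd redirect, getsockname() returns the destination the client dialled. The function names and the self-connection check (refusing to fetch when the recovered destination is the cache's own listener, which would loop) are assumptions of this example; the demo uses a constructed loopback connection with no fwd rule in place.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <unistd.h>

/* Local address of an accepted socket. After an "ipfw fwd" redirect this is
 * the destination the client dialled, not the proxy's listen address. */
int original_dst(int conn, struct sockaddr_in *dst)
{
    socklen_t len = sizeof(*dst);
    if (getsockname(conn, (struct sockaddr *)dst, &len) < 0)
        return -1;
    return dst->sin_family == AF_INET ? 0 : -1;
}

/* 1 when dst is the proxy's own listener: the client connected directly, and
 * fetching "from the real server" would connect back to the proxy (a loop). */
int is_self(const struct sockaddr_in *dst, const struct sockaddr_in *self)
{
    return dst->sin_port == self->sin_port &&
           dst->sin_addr.s_addr == self->sin_addr.s_addr;
}

/* Constructed loopback demo, no fwd rule involved: returns is_self() for a
 * direct connection to a 127.0.0.1 listener (expected 1), or -1 on error. */
int demo_direct_connection(void)
{
    struct sockaddr_in self = {0}, dst;
    socklen_t len = sizeof(self);
    int ls = socket(AF_INET, SOCK_STREAM, 0);
    int cs = socket(AF_INET, SOCK_STREAM, 0);
    int as = -1, result = -1;

    self.sin_family = AF_INET;
    self.sin_addr.s_addr = htonl(INADDR_LOOPBACK);  /* port 0: kernel picks */
    if (ls >= 0 && cs >= 0 &&
        bind(ls, (struct sockaddr *)&self, sizeof(self)) == 0 &&
        listen(ls, 1) == 0 &&
        getsockname(ls, (struct sockaddr *)&self, &len) == 0 &&
        connect(cs, (struct sockaddr *)&self, sizeof(self)) == 0 &&
        (as = accept(ls, NULL, NULL)) >= 0 &&
        original_dst(as, &dst) == 0)
        result = is_self(&dst, &self);
    if (as >= 0) close(as);
    if (cs >= 0) close(cs);
    if (ls >= 0) close(ls);
    return result;
}
```

With the fwd rule active, original_dst() on a redirected connection yields the web server's address and port 80, so is_self() returns 0 and the cache can fetch from that address.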