Date: Sun, 20 May 2018 00:49:53 +0700
From: Eugene Grosbein <eugen@grosbein.net>
To: Andrea Venturoli <ml@netfence.it>, freebsd-net@freebsd.org
Subject: Re: Proxy a TCP connection
Message-ID: <5B0063C1.9040000@grosbein.net>
In-Reply-To: <5a063bba-4d41-40eb-ee50-76849baaed3d@netfence.it>
References: <2346bc5f-1ca3-3b6a-ac1a-c496e94eb969@netfence.it> <5AFF7970.2090206@grosbein.net> <5a063bba-4d41-40eb-ee50-76849baaed3d@netfence.it>

20.05.2018 0:26, Andrea Venturoli wrote:

>> Additional advantage of this approach is that
>> internal hosts will see real public IP address of connecting external host
>> instead of your own.
>
> This is exactly what I don't want, as, unfortunately, we have some devices which will refuse connections unless they come from their own subnet.

I'm fine with net/bounce for cases like yours. It does not have any docs but works just fine. Use:

bounce [-a localaddr | -b localaddr] [-d] [-q] [-p localport] [-t timer] machine port

-a specifies listening IP address (or all, if the switch is not used)
-p is for listening port, if differs from target one
-b specifies IP address to bind to when connecting as client to target machine:port (or let system choose one)
-d should be used when "machine" is FQDN to resolve it each time new connection is forwarded (or at start only by default)
-q to suppress syslogging for each forwarded connection
-t to establish limit for connection life time, in seconds
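
An added example, not part of the original message and not bounce's own code: a small Python relay that mirrors what the -a, -p, -b and -t switches described above do, showing how binding the outgoing socket makes the target see the relay's address as its peer. The function names (pump, handle, serve) are hypothetical, and one thread per direction is an assumption made for brevity.

```python
import contextlib
import socket
import threading

def pump(src, dst):
    """Copy bytes one way until EOF or error, then half-close the far side."""
    with contextlib.suppress(OSError):
        while chunk := src.recv(65536):
            dst.sendall(chunk)
    with contextlib.suppress(OSError):
        dst.shutdown(socket.SHUT_WR)

def handle(client, target, bind_addr="", timer=None):
    """Relay one connection to target (host, port); bind_addr "" = system's choice."""
    try:
        # Like -b: bind before connect() so the target sees bind_addr as its peer.
        upstream = socket.create_connection(target, source_address=(bind_addr, 0))
    except OSError:
        client.close()
        return
    def kill():  # like -t: cut both directions when the lifetime expires
        for s in (client, upstream):
            with contextlib.suppress(OSError):
                s.shutdown(socket.SHUT_RDWR)
    killer = threading.Timer(timer or 0, kill)
    killer.daemon = True
    if timer:
        killer.start()
    back = threading.Thread(target=pump, args=(upstream, client), daemon=True)
    back.start()
    pump(client, upstream)
    back.join()
    killer.cancel()
    client.close()
    upstream.close()

def serve(listen_addr, listen_port, target, bind_addr="", timer=None):
    """Like -a and -p: listen on one address and port; returns the listener."""
    srv = socket.create_server((listen_addr, listen_port))
    def accept_loop():
        while True:
            try:
                client, _ = srv.accept()
            except OSError:
                return  # listening socket was closed
            threading.Thread(target=handle, daemon=True,
                             args=(client, target, bind_addr, timer)).start()
    threading.Thread(target=accept_loop, daemon=True).start()
    return srv
```

With a relay like this the target sees only bind_addr as its peer, so any record of the external client's address has to be kept at the relay.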