Date: Thu, 1 Nov 2007 10:06:13 -0500
From: Brooks Davis <brooks@freebsd.org>
To: Julian Elischer <julian@elischer.org>
Cc: freebsd-net@freebsd.org, Brooks Davis <brooks@freebsd.org>, "Bruce M. Simpson" <bms@freebsd.org>, Matus Harvan <mharvan@inf.ethz.ch>, Max Laier <max@love2party.net>
Subject: Re: UDP catchall
Message-ID: <20071101150613.GA24803@lor.one-eyed-alien.net>
In-Reply-To: <4728B324.2000406@elischer.org>
References: <20070909201837.GA18107@inf.ethz.ch> <20071026154057.GG1049@styx.ethz.ch> <4722AEB3.1010208@FreeBSD.org> <20071029150424.GA68594@lor.one-eyed-alien.net> <4726395B.8080905@FreeBSD.org> <20071031144915.GE1165@styx.ethz.ch> <4728B324.2000406@elischer.org>
On Wed, Oct 31, 2007 at 09:53:56AM -0700, Julian Elischer wrote:
> It's possible using ipfw to mostly implement this, and with an upcoming
> change, possible to completely implement this.
>
> the "uid" function of ipfw can act as a "does there exist a socket to which
> this packet would go?" test.
> and a variant of it called "for_me" that I am adding (we use it at work)
> does this even better.
>
> so, basically,
>
> yyy: skipto xxx ip from any to-me
> yyy+1: fwd 127.0.0.1,1234
> xxx:

One problem with this kind of implementation is that it's impossible to make it plug and play. You have to have a firewall configured and you have to tell mtund where it can stick its rules so it doesn't screw up your firewall config and it gets the packets it needs. One major goal of mtund is that it require as little configuration as possible. Ideally, you could be able to get a connection if it's possible with nothing but the IP address(es) of the friendly server and the IPoDNS zone.

Also, while it's less useful in the UDP case, the TCP case could be extremely useful for setting up a poor man's mtund server where you run ssh or an HTTP service of some sort on every port.

-- Brooks
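Julian's sketch above, written out with concrete rule numbers as an added example that is not from the thread or from mtund: it assumes a free base rule number, the local catchall daemon's port, and that the "does a socket exist for this packet?" test is spelled with his proposed `for_me` keyword (not a stock ipfw option); it only prints the rules so they can be reviewed against the existing ruleset before being loaded.

```shell
#!/bin/sh
# Added example (constructed, not from the thread): emit the ipfw catchall
# rule pair Julian sketched so it can be reviewed before loading.
# Assumptions: BASE is a free rule number in the ruleset, CATCHALL_PORT is
# where the local daemon listens, and "for_me" is Julian's proposed keyword
# for "a local socket already exists for this packet" (not stock ipfw).
set -eu

# gen_catchall_rules BASE CATCHALL_PORT [PROTO]
# Prints three rule lines; PROTO defaults to "ip" (use "udp" for the
# UDP-only case the thread is about).
gen_catchall_rules() {
    base=$1; port=$2; proto=${3:-ip}
    # Reject non-numeric input, then keep base, base+1 and the skipto
    # target base+2 inside ipfw's 1..65534 rule-number range.
    case "$base" in ''|*[!0-9]*) return 1;; esac
    case "$port" in ''|*[!0-9]*) return 1;; esac
    [ "$base" -ge 1 ] && [ "$base" -le 65532 ] || return 1
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
    target=$((base + 2))
    # Packets that already have a matching local socket skip the forward.
    printf 'add %d skipto %d %s from any to me for_me\n' "$base" "$target" "$proto"
    # Everything else addressed to this host goes to the catchall daemon.
    # "to me" is narrower than Julian's bare fwd: transit traffic is left alone.
    printf 'add %d fwd 127.0.0.1,%d %s from any to me\n' $((base + 1)) "$port" "$proto"
    # Landing rule so the skipto has a defined target.
    printf 'add %d count %s from any to any\n' "$target" "$proto"
}

# Review the output, then load it yourself (e.g. pipe into "ipfw -q /dev/stdin").
gen_catchall_rules 60000 1234 udp
```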
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20071101150613.GA24803>