Date: Sat, 19 Jun 2004 12:13:42 -0400
From: Chuck Swiger <cswiger@mac.com>
To: Matt Juszczak <matt@atopia.net>
Cc: freebsd-questions@freebsd.org
Subject: Re: Redirection with a bridge ?
Message-ID: <40D46636.1020909@mac.com>
In-Reply-To: <40D3752A.8000809@atopia.net>
References: <40D3752A.8000809@atopia.net>

Matt Juszczak wrote:
> Is there a way to do IP redirection without using layer 3? (IPNAT or
> routing)? I have a bridge setup and want to redirect any port 80
> traffic outgoing through the bridge to a specific server .... but it
> seems I can only do this with ipfw's forward/fwd or ipnat's rdr commands
> ... which are all layer 3 oriented and don't work with just a bridge...

Well, you can use layer-2 bridging to forward network traffic to any directly connected physical subnet you want to, and you can use "ifconfig alias" to give machines on that subnet multiple IPs.

If a machine sees traffic to its MAC address and/or is in promiscuous mode (which is what a FreeBSD bridge sets the interfaces it uses to), the machine will pay attention to those packets. If the packets contain IP addresses which the machine believes belong to it, then it will respond appropriately.

Frankly, however, I suspect that you are confusing yourself more than you are solving the problem you actually want to solve. :-)

Given a sufficiently complex set of firewall rules, packet forwarding, NAT re-writing, and whatever else, you can mangle packets in pretty much any way one can think of. Do this only when you need to, to the extent that is useful. If setting up a "normal" network and letting the default TCP/IP local-subnet and routing behaviors do the right thing is at all possible, let the default behavior work for you.

--
-Chuck