Date: Fri, 22 Oct 2010 09:49:54 -0200 From: Eduardo Meyer <dudu.meyer@gmail.com> To: Brandon Gooch <jamesbrandongooch@gmail.com> Cc: Patrick Tracanelli <eksffa@freebsdbrasil.com.br>, Luiz Otavio O Souza <lists.br@gmail.com>, ipfw@freebsd.org, Julian Elischer <julian@freebsd.org>, Adrian Chadd <adrian@ucc.gu.uwa.edu.au> Subject: Re: layer2 ipfw 'fwd' support Message-ID: <AANLkTimy5E20WdpVmwug5kZ1eTJ9G7Cvt2Lee9_miVYi@mail.gmail.com> In-Reply-To: <AANLkTikHcEn5yKJdTRYV4WjPkeEosWtGZvyyOeEK2%2BgZ@mail.gmail.com> References: <AANLkTi=wHkmfDmoPrKN1SRcE9m=1_5iieAd85hQNWHs1@mail.gmail.com> <AANLkTinj8wd9AbROwRzUAUK=XraYmTDkoB3MGddqq-Tn@mail.gmail.com> <AANLkTin1vXOMPT6m8ybhNQk9G7WjDrCcSArP3Zwf65cR@mail.gmail.com> <4CAA1E7B.1020107@freebsd.org> <AANLkTikExTKMWvvDwn=rVUSqwz6UeVXi8WOSsHROQYq%2B@mail.gmail.com> <4CAA45CC.8020304@freebsd.org> <AANLkTikAd_fke1HfMgRy3h4fXpo7_DcX3E4%2BTu__3my8@mail.gmail.com> <4CAB8B35.7020703@freebsd.org> <AANLkTi=hoe%2BCaV6%2BbyagXYwzDRAHqCseh-M_44OxEeJO@mail.gmail.com> <4CACE7DE.9020106@freebsd.org> <AANLkTik2KEYACzjfTS%2BXpB3OiaJL-uYckbLbf2C0DWaS@mail.gmail.com> <AANLkTi=syThdw-%2B%2BKAbVdJLGrh2JEFUJi5ztKs9cxWFE@mail.gmail.com> <AANLkTikHcEn5yKJdTRYV4WjPkeEosWtGZvyyOeEK2%2BgZ@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Oct 8, 2010 at 4:02 PM, Brandon Gooch <jamesbrandongooch@gmail.com> wrote: > On Fri, Oct 8, 2010 at 10:55 AM, Eduardo Meyer <dudu.meyer@gmail.com> wrote: >> On Thu, Oct 7, 2010 at 10:23 PM, Eduardo Meyer <dudu.meyer@gmail.com> wrote: > [SNIP] >> Luiz has added it to: http://loos.no-ip.org:280/lusca_bridge.diff >> >> I have tested and it works pretty well. >> >> I hope someone can add it to -HEAD, so we won't loose it again. With >> time, ipfw code changes and such great patches like Rizzo's and >> Julian's stop working one day. It's bad we miss such great >> functionality. > > Sounds like a reasonable request. I hope it is considered. > >> Thank you again everyone envolved. > > Thanks goes to you for your persistence in getting this working. > >> Adrian / Luiz / Julian, >> >> With this patch fwd does it's job on L2, ordinary proxy works like a >> charm. But TPROXY won't work. It would be perfect to have both >> features together. If you can suggest any further tests or changes I >> will be pleased to test. > > To be clear, are we getting to the point of having the capability in > ipfw of doing something like this in pf: > > ... > pass in quick on $INT_IF route-to lo0 inet proto tcp from any to > 127.0.0.1 port 3128 keep state > ... Yes, pretty much that. > > ...thus allowing true, transparent proxying? > > I really thought that this was possible already with ipfw :( I need to > do some more reading... > > I would be very interested in obtaining details on your final setup, > once everything is in place and fully functioning :) Right. I'm still working on that. We have separated grat things working perfectly. Now I want to glue it together. TPROXY with FreeBSD's IP_BINDANY works perfectly based on L3 redirection with IPFW. Now we can do IPFW L2 redirection/forwarding. So I want to be able to use both togerther, TPROXY with IPFW L2 forwarding. I am investigating the code, learning, trying some tests; since I am not a developer, not good at hacking 3rd party code, I am trying some dirty tricks. Unsucessfull right now but still investigating. Thank you for your interest :-) > > -Brandon > -- =========== Eduardo Meyer pessoal: dudu.meyer@gmail.com profissional: ddm.farmaciap@saude.gov.br
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?AANLkTimy5E20WdpVmwug5kZ1eTJ9G7Cvt2Lee9_miVYi>