Message-ID: <3BF51DC8.A2AC1549@ocsinternet.com>
Date: Fri, 16 Nov 2001 09:08:09 -0500
From: Mikel King
To: Julian Elischer
Cc: Chrisy Luke, Julian Elischer, net@FreeBSD.ORG
Subject: Re: RFC: ipfirewall_forward patch

Just curious, but what's a doddle?

Cheers,
mikel

Julian Elischer wrote:

> On Thu, 15 Nov 2001, Chrisy Luke wrote:
> > > > only packets already leaving the system can be hijacked and forwarded
> > > > to a 2nd machine. Incoming packets can only be forwarded to local
> > > > addresses/port combinations.
> >
> > My fault. I was being lazy when I wrote it. :)
>
> Ah it WAS you I committed it for wasn't it? :-)
>
> >
> > > > This patch would allow a sequence of machines to hijack
> > > > a particular conforming packet and pass it along a chain of
> > > > these machines to make it fall out somewhere else..
> >
> > It looks good. The ipfw syntax doesn't quite make sense to me.
>
> They all have different bits masked by the netmask..
>
> > Also, are you requiring that they all be on the same ipfw rule number?
>
> No, I was lazy..
> (cut'n'pasted the rules)
>
> >
> > Writing a script to probe a serving host and alter ipfw rules could be
> > done seamlessly if they were on separate ipfw rules.
>
> well sure.. it's the mechanism not the details I was looking at..
> Can you check my logic on the changes?
> I'll be testing it more tonight..
>
> >
> > With a similar trick to move aliases around on a primary ether port,
> > it's going to be a doddle to set up a clustered-transparent loadbalancer
> > in FreeBSD now. Neat. :)
>
> that's the theory..
>
> Why make a huge complicated program to do it when
> you can do it with ipfw :-)
>
> >
> > Cheers,
> > Chris.
> > --
> > == chris@easynet.net T: +44 845 333 0122
> > == Global IP Network Engineering, Easynet Group PLC F: +44 845 333 0122

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message