From: Julian Elischer
Organization: Whistle Communications
Date: Wed, 10 Jun 1998 10:14:28 -0700
To: "Rodney W. Grimes"
CC: current@FreeBSD.ORG
Subject: Re: Annnonce: Transparent proxy patches
Message-ID: <357EBEF4.33590565@whistle.com>
References: <199806101635.JAA14402@GndRsh.aac.dev.com>

Rodney W. Grimes wrote:
> > Chrisy Luke posted a mixed set of patches
> > recently that added the ability to do transparent proxying
> > to FreeBSD, however there were several shortcomings.
> > 1/ In particular you really needed 2 machines or to match 2 different
> > rules to be able to do some redirections.
> >
> > 2/ They were part of his 'multipath' patches.
> >
> > I have separated them out and updated them for -current.
> > I have also put in some code to allow local redirection of outgoing
> > packets.
> ...
>
> Hummm... this has some other interesting applications; one could control
> which outbound connection was used from a multi-homed border router based
> upon source ip address it appears:
>
> ipfw add 2 fwd eth0 ip from X.X.X.0/24 to any
> ipfw add 3 fwd eth1 ip from Y.Y.Y.0/24 to any
>
> or does the code have this ability? And/or do you need to be
> more specific about protocols/ports?

If you don't specify a new port, it will use the originally specified port.
Of course ports only make sense for local diversions as the packet is not
altered, so once it has left this machine, the diversion is finished.

You can only specify a target by IP address, but yes, if you had 2 default
routes, you could easily do this.. so it would look like:

ipfw add 2 fwd isp1-gw ip from X.X.X.0/24 to any
ipfw add 2 fwd isp2-gw ip from Y.Y.Y.0/24 to any

(of course the OTHER part of Chrisy's patch (mpath) does this even better by
allowing you to specify multiple default routes and letting the system
multiplex on them..)

> --
> Rod Grimes - KD7CAX - (RWG25)

hmm KD7CAX, I didn't know you were a HAM.. Is this new or old?

> rgrimes@gndrsh.aac.dev.com
> Accurate Automation, Inc. Reliable computers for FreeBSD
> http://www.aai.dnsmgr.com
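Added here as an illustration, not code from the mail or from the patches it discusses: a small Python model of the first-match `fwd` behaviour Julian describes, so a ruleset can be checked offline before it is loaded. The rule grammar it parses, the local-address list and all rules and addresses are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class FwdRule:
    number: int
    target: str             # next hop: a local address or a gateway
    port: Optional[int]     # new destination port, None keeps the original
    proto: str              # "ip" matches every protocol
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int]    # destination port to match, None matches any

def parse_rule(line: str) -> FwdRule:
    """Parse the rule shape used in this thread (constructed grammar):
       ipfw add <num> fwd <target>[,<port>] <proto> from <src> to <dst> [<dport>]"""
    t = line.split()
    if t[:2] != ["ipfw", "add"] or t[3] != "fwd" or t[6] != "from" or t[8] != "to":
        raise ValueError("unsupported rule: " + line)
    target, _, port = t[4].partition(",")
    net = lambda s: ipaddress.ip_network("0.0.0.0/0" if s == "any" else s, strict=False)
    return FwdRule(int(t[2]), target, int(port) if port else None, t[5],
                   net(t[7]), net(t[9]), int(t[10]) if len(t) > 10 else None)

def first_match(rules, proto, src_ip, dst_ip, dst_port):
    """Return (rule number, next hop, effective port) for the first matching
    rule in number order, or None if no fwd rule applies."""
    for r in sorted(rules, key=lambda r: r.number):
        if r.proto != "ip" and r.proto != proto:
            continue
        if ipaddress.ip_address(src_ip) not in r.src or ipaddress.ip_address(dst_ip) not in r.dst:
            continue
        if r.dport is not None and r.dport != dst_port:
            continue
        # No port on the rule: the original destination port is kept.
        return r.number, r.target, r.port if r.port is not None else dst_port
    return None

def port_rewrite_is_local(rule, local_addrs=("127.0.0.1",)):
    """The packet is not rewritten, so a ',port' only means anything when the
    next hop is this machine; flag rules that set a port on a remote gateway."""
    return rule.port is None or rule.target in local_addrs

# Constructed rules: one local proxy redirect plus source-based policy routing.
RULES = [parse_rule(l) for l in (
    "ipfw add 100 fwd 127.0.0.1,3128 tcp from 192.0.2.0/24 to any 80",
    "ipfw add 200 fwd 198.51.100.1 ip from 192.0.2.0/24 to any",
    "ipfw add 300 fwd 203.0.113.1 ip from 10.0.0.0/8 to any",
)]
```

`first_match(RULES, "tcp", "192.0.2.10", "93.184.216.34", 443)` returns `(200, "198.51.100.1", 443)`: rule 100 is skipped on its port match and the policy-routing rule keeps the original port.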