From: fred@bsdhost.net
Date: Wed, 28 Jul 2004 11:37:04 +0200
To: Matthew Seaman
cc: questions@freebsd.org
Subject: Re: ip traffic redirection.

Hello Matthew,

Thanks for your email. This looks like a good lead for what I need to do.
Just one more question. Is there a user level bridge package on FreeBSD?

Fred

On Jul 28, 2004, at 10:50 AM, Matthew Seaman wrote:

> On Wed, Jul 28, 2004 at 10:23:28AM +0200, fred@bsdhost.net wrote:
>
>> This is maybe the wrong list for this question but anyway...
>
> No -- this is the right list for questions.
>
>> For a proof of concept I need to set up a gateway to divert a certain
>> kind of IP traffic to a special program that does some counting and
>> modification on these packets and then re-injects them back. This has
>> to be a gateway and not a router.
>
> Yes, that's doable. It sounds very much like transparent proxying.
> So long as you can select the traffic you want to process solely by
> examining the IP headers it should be easy. Of course, the process
> you feed the selected packets to can do whatever it wants with them
> and can be programmed to decode packet payloads as required.
>
>> Does someone know if there is a package in the FreeBSD ports that can
>> help me do that? Can I do that using ipfw and in that case can someone
>> send me a pointer to some docs or examples?
>
> What you want to do sounds very much like transparent proxying. That
> can be implemented fairly simply under FreeBSD using, for example,
> ipfw(8)'s 'fwd' mechanism.
>
> There's a nice discussion in the Squid FAQ which you should be able to
> mine for clues:
>
> http://www.squid-cache.org/Doc/FAQ/FAQ-17.html
>
> Cheers,
>
> Matthew
>
> --
> Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
>                                                       Savill Way
> PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
> Tel: +44 1628 476614                                  Bucks., SL7 1TH
>                                                       UK