Date: Thu, 15 Nov 2001 00:16:10 +0000
From: Chrisy Luke <chrisy@flix.net>
To: Julian Elischer <julian@vicor-nb.com>
Cc: net@freebsd.org
Subject: Re: RFC: ipfirewall_forward patch
Message-ID: <20011115001610.A6212@flix.net>
In-Reply-To: <3BF306D2.3A50C4AF@vicor-nb.com>; from julian@vicor-nb.com on Wed, Nov 14, 2001 at 04:05:38PM -0800
References: <3BF30699.E8CC9857@vicor-nb.com> <3BF306D2.3A50C4AF@vicor-nb.com>

Julian Elischer wrote (on Nov 15):
> Oops forgot the patch.. here it is...

I almost replied to the first - too quick off the mark!

> Julian Elischer wrote:
> > Ipfw 'fwd' at present has the following restriction:
> >
> > only packets already leaving the system can be hijacked and forwarded
> > to a 2nd machine. Incoming packets can only be forwarded to local
> > addresses/port combinations.

My fault. I was being lazy when I wrote it. :)

> > This patch would allow a sequence of machines to hijack
> > a particular conforming packet and pass it along a chain of
> > these machines to make it fall out somewhere else..

It looks good. The ipfw syntax doesn't quite make sense to me.
Also, are you requiring that they all be on the same ipfw rule number?
Writing a script to probe a serving host and alter ipfw rules could
be done seamlessly if they were on separate ipfw rules.

With a similar trick to move aliases around on a primary ether port,
it's going to be a doddle to set up a clustered-transparent loadbalancer
in FreeBSD now. Neat. :)

Cheers,
Chris.
--
== chris@easynet.net T: +44 845 333 0122
== Global IP Network Engineering, Easynet Group PLC F: +44 845 333 0122

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message