Date: Wed, 18 Apr 2007 12:57:34 +0800
From: "Adrian Chadd"
Sender: adrian.chadd@gmail.com
To: zen
In-Reply-To: <46257D1A.7050808@tk-pttuntex.com>
Cc: jonathan michaels, freebsd-stable@freebsd.org
Subject: Re: tproxy on freebsd

On 18/04/07, zen wrote:

> I think so, it works on most Linux machines, depending on your Linux kernel.
> Here is the patch for the kernel:
> http://www.balabit.com/downloads/tproxy/
> But if I can choose Linux or FreeBSD I prefer FreeBSD (I'm a
> FreeBSD die-hard user).
> That's why I ask the people here, maybe they have solutions regarding
> this problem.

A little birdie has told me that this mode of transparent
client-spoofing is possible with FreeBSD with a little kernel hackery
(much less than what's needed for TPROXY).

Maybe someone who "knows" the code better than I could comment on how
difficult it'd be to add in functionality to FreeBSD to spoof the
local IP of a connected socket for outbound connections. This of
course assumes symmetric traffic flows, but that's already a given in a
setup like this.

Adrian

--
Adrian Chadd - adrian@freebsd.org