Date: Fri, 09 Jun 2000 16:39:39 -0700
From: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
To: Andy Dills <andy@xecu.net>
Cc: freebsd-ipfw@FreeBSD.ORG
Subject: Re: Hijacking DNS with ipfw
Message-ID: <200006092339.e59Ndgw02026@cwsys.cwsent.com>
In-Reply-To: Your message of "Fri, 09 Jun 2000 19:01:00 EDT." <Pine.GSO.4.21.0006091900050.21767-100000@shell.xecu.net>

In message <Pine.GSO.4.21.0006091900050.21767-100000@shell.xecu.net>, Andy Dills writes:
>
> (I'm not a member of this list, so please cc me on replies. Thanks.)
>
> I'm having what appears to be a fundamental problem, and I was hoping
> somebody on the list might have an idea on how to proceed. As far as I can
> tell from the archives, this hasn't been addressed.
>
> I'm in a situation where I have customers with various DNS servers
> configured. These customers are all behind a FreeBSD (4.0-R) box. The
> FreeBSD box is running named (among other things).
>
> I had thought that this rule would cut it:
>
> ipfw add 10 fwd 127.0.0.1,53 udp from any to any 53 recv xl1
>
> But that just doesn't work. I'm assuming it's because maybe named gets
> confused because fwd rules preserve the dest IP (as fwd rules are intended
> to be used in transparent caching).
>
> Does anybody have a suggestion on how to approach this?

This just changes the next hop a packet would take to its final
destination. You'll need to use NAT to do what you want.

Regards,                       Phone:  (250)387-8437
Cy Schubert                      Fax:  (250)387-5766
Team Leader, Sun/DEC Team   Internet:  Cy.Schubert@osg.gov.bc.ca
Open Systems Group, ITSD, ISTA
Province of BC

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message
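
An added illustration, not part of the original message and not ipfw or natd code: a simplified Python model of why steering a packet without rewriting it differs from NAT, which rewrites the destination and restores the source on the reply. The addresses are constructed, and the model assumes the resolver listens on one specific address and that the client accepts a reply only from the address it queried.

```python
# Simplified model with constructed addresses; not ipfw or natd code.
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Udp:
    src: tuple  # (ip, port)
    dst: tuple  # (ip, port)

ROUTER = ("192.0.2.1", 53)       # assumed: address the local resolver listens on
CLIENT = ("192.0.2.50", 40000)   # assumed: customer host
FOREIGN = ("198.51.100.7", 53)   # assumed: DNS server configured on the customer host

def fwd(pkt):
    """fwd-style handling: the packet is steered elsewhere, headers untouched."""
    return pkt

class Nat:
    """Destination NAT that keeps per-flow state so replies can be restored."""
    def __init__(self, target):
        self.target = target
        self.flows = {}  # client (ip, port) -> destination the client originally used

    def inbound(self, pkt):
        self.flows[pkt.src] = pkt.dst
        return replace(pkt, dst=self.target)

    def outbound(self, pkt):
        orig = self.flows.get(pkt.dst)
        return replace(pkt, src=orig) if orig else pkt

def server(pkt, bound):
    """UDP listener bound to one address: answers only datagrams addressed to it."""
    return Udp(src=bound, dst=pkt.src) if pkt.dst == bound else None

def client_accepts(query, reply):
    """The client takes a reply only if it comes from the address it queried."""
    return reply is not None and reply.src == query.dst and reply.dst == query.src

def run_fwd(query):
    return client_accepts(query, server(fwd(query), ROUTER))

def run_nat(query):
    nat = Nat(ROUTER)
    reply = server(nat.inbound(query), ROUTER)
    return client_accepts(query, nat.outbound(reply) if reply else None)

QUERY = Udp(src=CLIENT, dst=FOREIGN)

if __name__ == "__main__":
    print("fwd only:", run_fwd(QUERY))   # headers unchanged, listener never matches
    print("with NAT:", run_nat(QUERY))   # dst rewritten in, src restored out
```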