From owner-freebsd-hackers Wed Jul 23 22:04:48 1997
Return-Path:
Received: (from root@localhost)
    by hub.freebsd.org (8.8.5/8.8.5) id WAA08813
    for hackers-outgoing; Wed, 23 Jul 1997 22:04:48 -0700 (PDT)
Received: from aaka.3skel.com (aaka.3skel.com [207.240.134.73])
    by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id WAA08806
    for ; Wed, 23 Jul 1997 22:04:41 -0700 (PDT)
Received: from fnur.3skel.com (fnur.3skel.com [192.168.0.8])
    by aaka.3skel.com (8.8.5/8.8.2) with ESMTP id BAA29854
    for ; Thu, 24 Jul 1997 01:04:38 -0400 (EDT)
Received: from fnur.3skel.com (fnur.3skel.com [192.168.0.8])
    by fnur.3skel.com (8.8.5/8.8.2) with ESMTP id BAA05666
    for ; Thu, 24 Jul 1997 01:04:38 -0400 (EDT)
Message-ID: <33D6E265.46DEFC7@3skel.com>
Date: Thu, 24 Jul 1997 01:04:37 -0400
From: Dan Janowski
Organization: Triskelion Systems, Inc.
X-Mailer: Mozilla 4.0b5C (X11; I; FreeBSD 2.2.1-RELEASE i386)
MIME-Version: 1.0
To: hackers
Subject: ipfw divert, transparent proxy
X-Priority: 3 (Normal)
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-hackers@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

I am replacing an old TIS firewall that has one very interesting feature that I am looking to provide with my FreeBSD 2.2.2 box. It is this:

They use ipfs which has the capability of "transparently" doing packet re-routing and, thereby, proxy transparently. (This is my understanding from looking at the config for about five minutes.)

With the TIS firewall set as a client's default router, this "transparent" mechanism will take a packet that is destined for x.x.x.x:port, where x.x.x.x is an exterior Internet address, and essentially drop the IP address and deliver the packet to the local "port".

This has some limited usefulness. Some services, like whois, that always go to the InterNIC can be automatically proxied. In this particular case, AOL (yuck) is the problem. There is no proxying for AOL's client, but this transparent mechanism works very well.

How can I do this? I know that the current ipfw supports divert sockets, but I don't see any references to a general purpose proxy (like plug-gw) that supports diverts. Delegate does application proxy, but I don't see divert support there.

Any hints?

Thanks,

Dan

--
danj@3skel.com
Dan Janowski
Triskelion Systems, Inc.
Bronx, NY
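
What the redirect described in the message amounts to at the packet level, as an added example (not part of the original post, and not code from ipfw, the TIS firewall or any proxy named in it): the destination address is replaced with the proxy host's own, the destination port is kept, and the IP and TCP checksums are recomputed. The sample packet, the addresses and all function names are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Constructed sample: TCP SYN 192.168.0.10:1024 -> 198.51.100.7:43 (whois), checksums zero. */
uint8_t sample_pkt[40] = {
    0x45,0,0,0x28, 0,1,0x40,0, 0x40,6,0,0, 192,168,0,10, 198,51,100,7,
    0x04,0,0,0x2b, 0,0,0,1, 0,0,0,0, 0x50,0x02,0x20,0, 0,0,0,0 };
const uint8_t proxy_ip[4] = { 192,168,0,1 };  /* assumed address of the proxy host */

/* RFC 1071 Internet checksum of len bytes, seeded with a partial sum in acc. */
static uint16_t csum(const uint8_t *p, size_t len, uint32_t acc) {
    for (; len > 1; p += 2, len -= 2) acc += (uint32_t)p[0] << 8 | p[1];
    if (len) acc += (uint32_t)p[0] << 8;
    while (acc >> 16) acc = (acc & 0xffff) + (acc >> 16);
    return (uint16_t)~acc;
}
static void put16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }

/* TCP checksum: the pseudo-header (addresses, protocol 6, TCP length) seeds the sum. */
static uint16_t tcp_sum(const uint8_t *pkt, size_t ihl, size_t tlen) {
    uint32_t acc = 6 + (uint32_t)tlen;
    for (int i = 12; i < 20; i += 2) acc += (uint32_t)pkt[i] << 8 | pkt[i + 1];
    return csum(pkt + ihl, tlen, acc);
}
/* Returns the IP header length, or 0 unless pkt is an unfragmented IPv4/TCP packet. */
static size_t tcp_ihl(const uint8_t *pkt, size_t len, size_t *tlen) {
    if (len < 20 || pkt[0] >> 4 != 4 || pkt[9] != 6) return 0;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4, tot = (size_t)pkt[2] << 8 | pkt[3];
    if (ihl < 20 || tot > len || tot < ihl + 20) return 0;
    if ((pkt[6] & 0x3f) || pkt[7]) return 0;   /* MF set or fragment offset != 0 */
    *tlen = tot - ihl;
    return ihl;
}
/* Point the packet at local_ip, keep the destination port, redo both checksums. */
int redirect_to_local(uint8_t *pkt, size_t len, const uint8_t local_ip[4]) {
    size_t tlen = 0, ihl = tcp_ihl(pkt, len, &tlen);
    if (!ihl) return -1;
    memcpy(pkt + 16, local_ip, 4);
    put16(pkt + 10, 0);
    put16(pkt + 10, csum(pkt, ihl, 0));
    put16(pkt + ihl + 16, 0);
    put16(pkt + ihl + 16, tcp_sum(pkt, ihl, tlen));
    return 0;
}
/* 1 if the IP header and TCP checksums both verify, else 0. */
int checksums_valid(const uint8_t *pkt, size_t len) {
    size_t tlen = 0, ihl = tcp_ihl(pkt, len, &tlen);
    return ihl && csum(pkt, ihl, 0) == 0 && tcp_sum(pkt, ihl, tlen) == 0;
}
```

A proxy that receives such a packet no longer sees the original destination address, so it can only serve a port whose real target is fixed, which matches the whois case in the message.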