Antal Rutz wrote: >Hi, > >Nowadays I have to use a special firewall software ('zorp') but >unfortunately it only runs on linux. the reason is that only linux >has the feature (transparent proxying) to listen on/send packets (sourcing) >from other IP addresses than the machine has. (maybe with an extra kmod) > >The developers told me that they aren't familiar with FreeBSD but would >port their software to it if the OS had support for that t-proxy. > >The question is: Is there any plan to support that thing (maybe through >ipfw, pf or ipfilter - no idea) or is that too sick? > > There is already transparrent proxy support in FreeBSD and ahs been for manyu years. it is accessed through the ipfw "fwd" option.. ipfw add fwd localhost,1234 tcp from {somewhere} to (somewhere) {via some interface} Here's the man entry for that feature. fwd | forward ipaddr[,port] Change the next-hop on matching packets to ipaddr, which can be an IP address in dotted quad format or a host name. The search terminates if this rule matches. If ipaddr is a local address, then matching packets will be for- warded to port (or the port number in the packet if one is not specified in the rule) on the local machine. If ipaddr is not a local address, then the port number (if speci- fied) is ignored, and the packet will be forwarded to the remote address, using the route as found in the local routing table for that IP. A fwd rule will not match layer-2 packets (those received on ether_input, ether_output, or bridged). The fwd action does not change the contents of the packet at all. In particular, the destination address remains unmodified, so packets forwarded to another system will usually be rejected by that system unless there is a matching rule on that system to capture them. For packets forwarded locally, the local address of the socket will be set to the original destination address of the packet. This makes the netstat(1) entry look rather weird but is intended for use with transparent proxy servers. >thanks alot. > >Received on Fri Mar 11 2005 - 21:40:18 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:29 UTC