layer2 ipfw 'fwd' support

Eduardo Meyer dudu.meyer at gmail.com
Fri Oct 22 11:49:56 UTC 2010


On Fri, Oct 8, 2010 at 4:02 PM, Brandon Gooch
<jamesbrandongooch at gmail.com> wrote:
> On Fri, Oct 8, 2010 at 10:55 AM, Eduardo Meyer <dudu.meyer at gmail.com> wrote:
>> On Thu, Oct 7, 2010 at 10:23 PM, Eduardo Meyer <dudu.meyer at gmail.com> wrote:
> [SNIP]
>> Luiz has added it to: http://loos.no-ip.org:280/lusca_bridge.diff
>>
>> I have tested and it works pretty well.
>>
>> I hope someone can add it to -HEAD, so we won't lose it again. With
>> time, ipfw code changes and such great patches like Rizzo's and
>> Julian's stop working one day. It's bad we miss such great
>> functionality.
>
> Sounds like a reasonable request. I hope it is considered.
>
>> Thank you again everyone involved.
>
> Thanks goes to you for your persistence in getting this working.
>
>> Adrian / Luiz / Julian,
>>
>> With this patch fwd does its job on L2, ordinary proxy works like a
>> charm. But TPROXY won't work. It would be perfect to have both
>> features together. If you can suggest any further tests or changes I
>> will be pleased to test.
>
> To be clear, are we getting to the point of having the capability in
> ipfw of doing something like this in pf:
>
> ...
> pass in quick on $INT_IF route-to lo0 inet proto tcp from any to
> 127.0.0.1 port 3128 keep state
> ...

Yes, pretty much that.

>
> ...thus allowing true, transparent proxying?
>
> I really thought that this was possible already with ipfw :( I need to
> do some more reading...
>
> I would be very interested in obtaining details on your final setup,
> once everything is in place and fully functioning :)

Right. I'm still working on that. We have separate great things
working perfectly. Now I want to glue it together. TPROXY with
FreeBSD's IP_BINDANY works perfectly based on L3 redirection with
IPFW. Now we can do IPFW L2 redirection/forwarding. So I want to be
able to use both together, TPROXY with IPFW L2 forwarding.

I am investigating the code, learning, trying some tests; since I am
not a developer, not good at hacking 3rd party code, I am trying some
dirty tricks. Unsuccessful right now but still investigating.

Thank you for your interest :-)

>
> -Brandon
>



-- 
===========
Eduardo Meyer
pessoal: dudu.meyer at gmail.com
profissional: ddm.farmaciap at saude.gov.br

