IPDIVERT

Clement Laforet sheepkiller at cultdeadsheep.org
Tue Apr 29 13:14:45 PDT 2003


On Wed, 30 Apr 2003 02:36:41 +0700
Max Khon <fjoe at iclub.nsu.ru> wrote:

> hi, there!
Hi, Max!

> I have a suggestion to build GENERIC and ipfw.ko with IPDIVERT by
> default or change IPDIVERT to NOIPDIVERT and build boot kernels with
> NOIPDIVERT. The main goal is to allow to use NAT with stock kernels
> and ipfw.ko.
> 
> Comments?

yes, but I don't know if I'm right :p
IPDIVERT isn't designed to be manageable by ipfw.
I (mis)read the kernel IP source a few days ago (I'm playing with
libalias) and that's what I understood:
IPDIVERT is a way to reinject IP packets into the IP stack. It
seems to be a big workaround for users who wished for NAT rather than
a real solution. ipfw only adds a flag "to be diverted" to packets.
IPDIVERT is a big workaround, libalias is a very big workaround ;)
Considering that NAT'ing using natd/libalias/divert is not a very clean
way of doing NAT, why should it be in the GENERIC kernel?

However, it should be easy to build it as a module.

regards,

clem

