UDP catchall

Brooks Davis brooks at freebsd.org
Thu Nov 1 08:06:20 PDT 2007


On Wed, Oct 31, 2007 at 09:53:56AM -0700, Julian Elischer wrote:
> It's possible using ipfw to mostly implement this, and with an upcoming 
> change, possible to completely implement this.
> 
> the "uid" function of ipfw can act as a "does there exist a socket to which 
> this packet would go?" test.
> and a variant of it called "for_me" that I am adding (we use it at work) 
> does this even better.
> 
> so, basically,
> 
> yyy:   skipto xxx ip from any to-me
> yyy+1: fwd 127.0.0.1,1234
> xxx:

One problem with this kind of implementation is that it's impossible to
make it plug and play.  You have to have a firewall configured and you
have to tell mtund where I can stick its rules so it doesn't screw up
your firewall config and it gets the packets it needs.  One major goal of
mtund is that it require as little configuration as possible.  Ideally,
you would be able to get a connection if it's possible with nothing but
the IP address(es) of the friendly server and the IPoDNS zone.

Also, while it's less useful in the UDP case, the TCP case could be
extremely useful for setting up a poor man's mtund server where you run
ssh or an HTTP service of some sort on every port.

-- Brooks
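The thread above contrasts a kernel-side catchall (ipfw deciding whether a socket exists for a packet and forwarding it otherwise) with the plug-and-play goal of needing no firewall configuration at all. The following is an added example, not code from this thread, from mtund or from FreeBSD, showing the other way to get a "service on every port" from userland without touching the firewall: bind every port in a range that is free and let the kernel's EADDRINUSE answer the "does a socket already exist?" question, so ports owned by other daemons are left alone. The host, port range, banner format and the helper names (bind_free_ports, CatchAll, probe, demo) are all assumptions of this example.

```python
"""
Userland TCP "catch-all": bind every free port in a range and answer on
whichever one a client hits, reporting the port it arrived on.
Added example; not code from the freebsd-net thread or from mtund.
"""
import errno
import selectors
import socket
import threading


def bind_free_ports(host, first, last, proto=socket.SOCK_STREAM):
    """Return {port: socket} for every port in [first, last] we could bind.

    A bind that fails with EADDRINUSE means some other socket already owns
    that port: the kernel is doing the "does a socket exist?" test for us,
    so the port is skipped rather than hijacked.  EACCES covers privileged
    ports when not running as root.
    """
    owned = {}
    for port in range(first, last + 1):
        s = socket.socket(socket.AF_INET, proto)
        try:
            s.bind((host, port))
        except OSError as e:
            s.close()
            if e.errno in (errno.EADDRINUSE, errno.EACCES):
                continue
            raise
        if proto == socket.SOCK_STREAM:
            s.listen(5)
        s.setblocking(False)
        owned[port] = s
    return owned


class CatchAll:
    """Accept on every owned port from one thread and tell each client
    which port it landed on (a stand-in for dispatching to ssh/HTTP)."""

    def __init__(self, host, first, last):
        self.socks = bind_free_ports(host, first, last)
        self.sel = selectors.DefaultSelector()
        for port, s in self.socks.items():
            self.sel.register(s, selectors.EVENT_READ, port)
        self.hits = []                      # ports that received a connection
        self._stop = threading.Event()
        self._thread = threading.Thread(target=self._serve, daemon=True)

    def ports(self):
        return sorted(self.socks)

    def start(self):
        self._thread.start()
        return self

    def stop(self):
        self._stop.set()
        self._thread.join(timeout=2)
        for s in self.socks.values():
            s.close()

    def _serve(self):
        while not self._stop.is_set():
            for key, _ in self.sel.select(timeout=0.1):
                try:
                    conn, _ = key.fileobj.accept()
                except BlockingIOError:     # spurious wakeup, nothing queued
                    continue
                port = key.data
                self.hits.append(port)
                conn.sendall(f"catchall port {port}\n".encode())
                conn.close()


def probe(host, port, timeout=2.0):
    """Connect to host:port and return the server's one-line banner."""
    with socket.create_connection((host, port), timeout=timeout) as c:
        return c.recv(64).decode().strip()


def demo(host="127.0.0.1", first=47110, last=47119):
    """Constructed scenario: one port in the range is already taken by a
    'foreign' listener; the catch-all must skip it and serve the rest."""
    taken = first + 3
    foreign = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    foreign.bind((host, taken))
    foreign.listen(1)
    server = CatchAll(host, first, last).start()
    try:
        banners = [probe(host, p) for p in (first, first + 5, last)]
    finally:
        server.stop()
        foreign.close()
    return {"owned": server.ports(), "taken": taken,
            "banners": banners, "hits": list(server.hits)}


if __name__ == "__main__":
    print(demo())
```

The cost of this approach is one file descriptor per port, which is why it only scales to a modest range per process; it does, however, need nothing but a port range to start, and it can never steal traffic from a service that bound first, since the kernel refuses the second bind.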