Redirection with a bridge?

Chuck Swiger cswiger at mac.com
Sat Jun 19 09:14:15 PDT 2004


Matt Juszczak wrote:
> Is there a way to do IP redirection without using layer 3? (IPNAT or 
> routing)?  I have a bridge setup and want to redirect any port 80 
> traffic outgoing through the bridge to a specific server .... but it 
> seems I can only do this with ipfw's forward/fwd or ipnat's rdr commands 
> ... which are all layer 3 oriented and don't work with just a bridge...

Well, you can use layer-2 bridging to forward network traffic to any directly 
connected physical subnet you want to, and you can use "ifconfig alias" to 
give machines on that subnet multiple IPs.

If a machine sees traffic to its MAC address and/or is in promiscuous mode 
(which is what a FreeBSD bridge sets the interfaces it uses to), the machine 
will pay attention to those packets.  If the packets contain IP addresses 
which the machine believes belong to it, then it will respond appropriately.

Frankly, however, I suspect that you are confusing yourself more than you are 
solving the problem you actually want to solve.  :-)  Given a sufficiently 
complex set of firewall rules, packet forwarding, NAT re-writing, and whatever 
else, you can mangle packets in pretty much any way one can think of.

Do this only when you need to, to the extent that is useful.  If setting up a 
"normal" network and letting the default TCP/IP local-subnet and routing 
behaviors do the right thing is at all possible, let the default behavior work 
for you.

-- 
-Chuck


