On Thu, 15 Nov 2001, Chrisy Luke wrote:
> > > only packets already leaving the system can be hijacked and forwarded
> > > to a 2nd machine. Incoming packets can only be forwarded to local
> > > addresses/port combinations.
>
> My fault. I was being lazy when I wrote it. :)
Ah it WAS you I committed it for wasn't it? :-)
>
> > > This patch would allow a sequence of machines to hijack
> > > a particular conforming packet and pass it along a chain of
> > > these machines to make it fall out somewhere else..
>
> It looks good. The ipfw syntax doesn't quite make sense to me.
They all have different bits masked by the netmask..
> Also, are you requiring that they all be on the same ipfw rule number?
No, I was lazy..
(cut'n'pasted the rules)
>
> Writing a script to probe a serving host and alter ipfw rules could be
> done seamlessly if they were on separate ipfw rules.
well sure.. it's the mechanism not the details I was looking at..
Can you check my logic on the changes?
I'll be testing it more tonight..
>
> With a similar trick to move aliases around on a primary ether port,
> it's going to be a doddle to set up a clustered-transparent loadbalancer
> in FreeBSD now. Neat. :)
that's the theory..
Why make a huge complicated program to do it when
you can do it with ipfw :-)
>
> Cheers,
> Chris.
> --
> == [EMAIL PROTECTED] T: +44 845 333 0122
> == Global IP Network Engineering, Easynet Group PLC F: +44 845 333 0122
>
> To Unsubscribe: send mail to [EMAIL PROTECTED]
> with "unsubscribe freebsd-net" in the body of the message