Pawel Jakub Dawidek wrote:
And what about ipfw variant?
For the first (bridge) case ipfw didn't work at all. No packets were
redirected. I haven't tried for the gateway case, because pf works
there.
ipfw forwarding is disabled for bridge and L2 cases.
(I think the man page says so.)
At Ironport we added some small patches to allow this to occur.
It is relatively simple.
(less than 10 lines)
When ipfw returns a packet to the bridge that has been
marked as 'redirected', you accept it to the IP stack
as if it was addressed to the local machine. You then make
sure that in L3 ipfw processing, you hit the same fwd rule,
and this time it is sent to the right place.
It does require that ipfw see the packet twice, but it works.
A further hack would be to add code in the IP stack so that
a packet tagged as redirected from the bridge would skip
ipfw in the IP stack and go direct to the redirection.
(but that may open security issues).
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net