Article delegate-en <_A4350@delegate-en.ML_>
  upper oldest olders older1 this newer1 newers latest
search
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
[delegate-en/4350] [Reference:]
Newsgroups: mail-lists.delegate-en

Re: Few questions about transparent proxy & srcif
23 Jan 2009 08:16:11 GMT     feedback@delegate.org (Yutaka Sato)
The DeleGate Project

In message  on 01/12/09(07:08:27)
you "Master NoSFeRaTU"  wrote:
 |> recompilation or so, I will not try it because I don't like to have
 |> DeleGate depend on some specific kernel option rather than the generic.
 |The problem is in generic kernel ipfw not available and ipfw is
 |loading from module with limited functionality. Ifpw forwarding only
 |works in kernel mode with enabled IPFIREWALL_FORWARD. And I think
 |rebuilded kernels used by over 90% of FreeBSD users.

I'm using nearly 30 operating systems including 4 versions of FreeBSD,
just for building and testing DeleGate on each platform, but I'm not
a real "user" of any specific operation system.

 |> If your requirement is bypassing routing for outgoing connection (and/or
 |> if you can use the network interface for incoming connection for it),
 |> SRCIF="dontroute.clif.-"
 |> will be useful as written in
 |> <URL:http://www.delegate.org/mail-lists/delegate-en/4030>
 |> Maybe you need 9.9.1-pre7 to make this work because this needs recognition
 |> of real incoming interface, which was realized for ipfw in 9.9.1-pre7.
 |No, because this function depends on where client come from, but I
 |want that delegate routes packets ONLY through specified interface.

Thank you.  Maybe this is the first time I recgnized and you mentioned
clearly about what your requirement is, the most informative information
for me and difficult to imagine.  It will be more helpful to for me to
be shown why you need it.

 |But now if interface goes down, than specified SRCIF ip isn't
 |available and all traffic starts going through default gateway... and
 |different interface... I attached fast hackpatch with previous mail
 |which sets SO_DONTROUTE option if specified SRCIF ip isn't available
 |in current time. Now client receives unreachable error until interface
 |stand up.

In DeleGate/9.9.1-pre8, I added "-dontroute." to be prefixed to a hostname
in SRCIF.  If unconditionally seting SO_DONTROUTE fits your requirment,
this is it.

  SRCIF="-dontroute.if1"
  HOSTS="-dontroute.if1/10.1.1.1"

This "-dontroute." prefix can be used just to set SO_DONTROUTE leaving the
socket unbound (or bound to 0.0.0.0).

  SRCIF="-dontroute.if1"
  HOSTS="-dontroute.if1/0.0.0.0"

Cheers,
Yutaka
--
  9 9   Yutaka Sato  http://delegate.org/y.sato/
 ( ~ )  National Institute of Advanced Industrial Science and Technology
_<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
Do the more with the less -- B. Fuller
  search upper oldest olders older1 this newer1 newers latest
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
@_@V