On 20.08.2008 at 19:27, Javier Ubillos wrote:

Hi freebsd-hackers.
(Sorry for cross posting, but I got no reply when posting to
freebsd-questions)

I'm implementing a NAT (1 ip - 1 ip) like router.

I have chosen to use pcaplib to pick up the packets. I have an
implementation which picks up the packets, inspects them, rewrites the
destination/source ip-addresses and sends them out on the respective
interface.

The problem I'm facing however is that my interfaces are answering to
e.g. icmp-echo (ping) automatically, and I don't know how to turn this
behaviour off.

What I want to happen is that if A pings C, my router B in between
should simply forward the packets w/o any automatic reactions.

A --> B --> C

So that if e.g. C is down, no echo-reply is sent back (or if C is up,
that C is actually sending the echo-reply).

Does anyone know how to turn off the automatic replies (ICMP and
whatever else I haven't foreseen yet) or does anyone know where I can
find out more about the issue?

bpf, which libpcap uses, gives you a copy of the received packet, so the kernel will process it.

Typically, if you want to process packets before the host sees them, you'd use ipfw(4) and a divert(4) socket, like natd(8) does. This allows you to modify any packet entering the system, modify it, and (if appropriate) reinject it into the stack.

You can also configure your own tun(4) interface to get packets out of the kernel and process them, which might be ideal if you want to process all traffic for an IP.

And finally, unless you have really weird requirements, ipfw or pf rules will likely work without any special programming.


HTH,
Stefan

--
Stefan Bethke <[EMAIL PROTECTED]>   Fon +49 170 346 0140


_______________________________________________
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "[EMAIL PROTECTED]"