On 31/7/18 8:01 am, puneet_kumar kumar via freebsd-ipfw wrote:
Hi,
I am trying to change the IP of a TCP packet coming from a client and send it to a
server: Client -> freebsd box -> Server. Let's say the packet coming out from the
client has source IP: 1.1.1.1 and dst IP: 1.1.1.10. I am changing the IP of that
packet to 1.1.1.100 in the ether_input function. The reason behind changing it in ether_input
is to do this NAT prior to hitting any IPFW rule.
The problem is that the packet is not being seen on the server. I did check the code path
taken without changing the IP and with changing the IP all the way to the ipfw code, and it
looks like it is not dropping there. I am also recalculating the IP checksum, so
this can't be an issue either. Can someone suggest what I am doing wrong?
Puneet
___
freebsd-ipfw@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "freebsd-ipfw-unsubscr...@freebsd.org"
Well, you have several possibilities.
ipfw can act in ether_input() and you can give it a different set of
rules to run there so that it doesn't interfere with regular ipfw
processing in ip.
Alternatively you could use netgraph to get the packets out and pass
them to natd, though that may take a small amount of coding.