*BSD News Article 33012


Path: sserve!newshost.anu.edu.au!harbinger.cc.monash.edu.au!bunyip.cc.uq.oz.au!munnari.oz.au!news.Hawaii.Edu!ames!agate!spool.mu.edu!torn!news.unb.ca!jupiter.sun.csd.unb.ca!b6ps
From: b6ps@jupiter.sun.csd.unb.ca (Peter Howlett)
Newsgroups: comp.os.386bsd.apps
Subject: Routing Software
Date: 14 Jul 1994 17:13:00 GMT
Organization: University of New Brunswick, Fredericton, NB, Canada
Lines: 22
Message-ID: <303rms$a0s@sol.sun.csd.unb.ca>
NNTP-Posting-Host: jupiter.unb.ca
X-Newsreader: TIN [version 1.2 PL2]

Howdy,

I am wondering if there is a package that actually looks
at packets and checks them out before the kernel routes them?

The idea is to have a Net/FreeBSD machine as a firewall that only
routes packets from certain hosts to the local subnet. Options like
tcp_wrappers are out because we want to inspect packets that are
not necessarily meant for the firewall but for machines on either
side of it. Options like socks are not good because programs on the
internal net need to be changed to use the socks library.

If there is not a package like this, would it be a difficult thing,
do you think, for me to use raw sockets to talk to the IP layer in the
kernel? Or at least get the kernel to give me the packet instead of
just routing the thing? (I have the gated source, I am trying to sort
through it, but while I am doing this, I thought I'd try writing this
note for other ideas.)

-------------------------------------------------------------------
     From:  Peter Howlett               University of New Brunswick
     Inet:  b6ps@unb.ca                 Fredericton, N.B. Canada