Hi there, Recently I tried to make a transparent web proxy on a machine that run in bridging mode. At last, I decided to make a patch. Here it is for those who want to do the same. One interface should be given an IP address so squid may do a requests. Squid listens on 127.0.0.1:8080. I am using pf firewall, with this redirection rule: rdr on $int proto tcp from any to any port 80 -> (lo0) port 8080
This is what the patch does: static void ether_input() { ... if (packet_is_IP_packet && pf_enabled && mbuf_copy = copy_the_mbuf) { strip_ethernet_headers; run_the_firewall; if (packet_redirected_to_127.0.0.1) bypass_the_bridge free_the_mbuf_copy; } ... } The patch is small, so I include it inline. Tested on 5.4
if_ethersubr.c.patch
Description: Binary data
_______________________________________________ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"