I am trying to add to my firewall a utility which catches SYN requests, does not respond but establishes another network interface, and then repeats the SYN (spoofed) over the new interface, thus giving an instant response when the link goes up.
The problem I'm having is that I can't figure out how to make the kernel NOT send the RST response to client SYNs. I can catch their SYNs fine and bring the link up. What I've tried:

    /sbin/ipfwadm -I -a accept -r 151 -S 192.168.2.0/24 -P tcp
    /sbin/ipfwadm -I -a deny -P tcp -S 192.168.2.0/24 -D 192.168.2.254 151

192.168.2.254 is the firewall and 192.168.2.0/24 the subnet it lives on. I *need* the rerouting rule or the raw socket doesn't detect the SYN requests. Interestingly, the socket catches the SYNs no matter where I bind it to, as long as that firewall rule is in place... How can I solve this problem w/o ... tweaking ... the kernel?