Subject: Transparent Proxying
To: None <tech-kern@netbsd.org>
From: Matthew Mondor <mmondor@gobot.ca>
List: tech-kern
Date: 05/04/2002 08:07:54

Hi all,

Is there a userspace facility on NetBSD which allows a TCP proxy daemon to spoof the source address for the life of a TCP connection to that of the actual internet client when connecting from a gateway to an internal service? This way the internal machine would see the connection as originating from the client rather than from the proxy gateway.

I have looked into ipnat, but this would not seem to solve the issue at hand. I previously wrote an FTP passive proxy (mmtcpfwd) which requires this feature; it currently works on Linux but I would like to port it to NetBSD...

A possibly viable method seems to be running part of the system as uid 0 so that interaction with the kernel would occur frequently to forward ports, using the same techniques which ipnat and ipf are using... Is there any other solution?

Matt