RedirectConnections Method of the IFWXSession Interface

The RedirectConnections method enables connections by using a local, internal Microsoft Firewall service address.

Syntax

HRESULT RedirectConnections(
  [in]            LPSOCKADDR ConnectAddresses[],
  [in]            DWORD ConnectAddressLength,
  [in]            DWORD dwNumberOfAddresses,
  [out]           LPSOCKADDR InternalAddress,
  [in, out]       LPDWORD InternalAddressLength,
  [in]            LPSOCKADDR ProxyExternalAddress,
  [in]            DWORD ProxyExternalAddressLength,
  [in]            INT Protocol,
  [in]            DWORD dwFlags,
  [in]            REFGUID ProtocolGuid,
  [in, optional]  IFWXSessionFilter* pSessionFilter,
  [in, optional]  IUnknown* punkContext,
  [out]           IFWXFirewallAction* FirewallActionArray[]
);

Parameters

  • ConnectAddresses
    Pointer to an array of pointers to sockaddr structures that contain the addresses to which the client connections will be redirected.

  • ConnectAddressLength
    Length, in bytes, of the addresses pointed to by the ConnectAddresses parameter.

  • dwNumberOfAddresses
    Number of addresses in the ConnectAddresses array.

  • InternalAddress
    The socket address on the Forefront TMG internal interface where the client should connect. This value is updated by the Firewall service.

  • InternalAddressLength
    Length, in bytes, of the InternalAddress parameter.

  • ProxyExternalAddress
    Pointer to a sockaddr structure that contains the Forefront TMG computer's external address used for the connection. This is useful in the case of multihomed Forefront TMG computers. Requesting a specific address ensures that a secondary connection uses the same IP address as the primary connection. This parameter can be NULL, defaulting to INADDR_ANY and 0 (any port).

  • ProxyExternalAddressLength
    Length, in bytes, of the ProxyExternalAddress structure.

  • Protocol
    Protocol flags. This parameter can have the following flag values:

    Value               Meaning
    FWX_PROTOCOL_TCP    The connection will use a TCP socket.
    FWX_PROTOCOL_UDP    The connection will use a UDP socket.

  • dwFlags
    Connection flags. This parameter can be a combination of the following values:

    Value                          Meaning
    FWX_FLAG_ALLOW_MULTIPLE        By default, a single outbound connection is expected. If this flag is specified, multiple connections to the same address will be possible.
    FWX_FLAG_TIMEOUT               The client is expected to use the permission shortly after the call. If the client does not make the connection, the permission automatically expires.
    FWX_FLAG_NO_KERNEL_MODE        Each connection goes through user-mode code, regardless of whether kernel mode could be used for the connection.
    FWX_INCREASE_RECEIVE_BUFFER    The receive buffer will be increased to 64 kilobytes. This flag should be set to prevent packet loss if high-bandwidth packet bursts occur in a secondary UDP connection.

  • ProtocolGuid
    GUID that identifies the protocol that the connection is part of.

  • pSessionFilter
    Pointer to the IFWXSessionFilter interface. Use with the punkContext parameter to receive an event of type fwx_EstablishedConnection (as defined in the FwxFirewallEventType enumerated type) from the Firewall service.

  • punkContext
    Provides user context information regarding the connection. Use with the pSessionFilter parameter to receive an event of type fwx_EstablishedConnection from the Firewall service. This parameter can be NULL. Specify NULL if notification of fwx_EstablishedConnection events is not required, or if you do not need to pass any context information.

  • FirewallActionArray
    Pointer to an array of IFWXFirewallAction interface pointers. The array is filled with pointers to IFWXFirewallAction interfaces to the firewall action objects created by this call. The array contains dwNumberOfAddresses pointers.

Return Value

This method returns S_OK if the call is successful; otherwise, it returns an error code.

Remarks

This method is intended for filters that act as an application proxy and have to establish secondary connections that use the same address as the primary connection.

Filters for Forefront TMG Client and Firewall Client computers and for SecureNAT clients usually use AllowFutureConnect instead.

Calling this method causes all filters that are registered for connect events on the appropriate port to be notified. If no data filters are installed, a kernel-mode NAT redirection may result.
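
The parameter list above ties several buffers to counts passed separately: one ConnectAddressLength covers every entry in ConnectAddresses, FirewallActionArray receives dwNumberOfAddresses pointers, and InternalAddressLength is read as well as written. The following is an added example, not code from this page or from the TMG SDK, that keeps those sizes in agreement before the call is made. RedirectBuffers and ActionPtr are hypothetical names, uint32_t stands in for DWORD, and IPv4 addresses are assumed.

```cpp
// Added example, not TMG SDK code: keeps the buffers passed to
// RedirectConnections the same size as the counts passed with them.
#include <cstdint>
#include <vector>
#ifdef _WIN32
#include <winsock2.h>
#else
#include <netinet/in.h>
#include <sys/socket.h>
#endif

// Hypothetical holder. ActionPtr stands in for IFWXFirewallAction*.
template <class ActionPtr>
struct RedirectBuffers {
    std::vector<sockaddr_in> storage;  // owns the address structures
    std::vector<sockaddr*> connect;    // ConnectAddresses
    std::vector<ActionPtr> actions;    // FirewallActionArray, one slot per address
    sockaddr_in internal{};            // InternalAddress, written by the service
    uint32_t internalLen = sizeof(sockaddr_in);  // InternalAddressLength (in, out)

    uint32_t addressLength() const { return sizeof(sockaddr_in); }  // ConnectAddressLength
    uint32_t count() const { return static_cast<uint32_t>(connect.size()); }  // dwNumberOfAddresses

    // Adds one IPv4 destination; addr and port are given in host byte order.
    void add(uint32_t addr, uint16_t port) {
        sockaddr_in sa{};
        sa.sin_family = AF_INET;
        sa.sin_addr.s_addr = htonl(addr);
        sa.sin_port = htons(port);
        storage.push_back(sa);
        // push_back may reallocate storage, so rebuild every pointer.
        connect.clear();
        for (auto& s : storage) connect.push_back(reinterpret_cast<sockaddr*>(&s));
        actions.assign(storage.size(), ActionPtr{});
    }

    // True when each length or count handed to the call matches its buffer.
    bool consistent() const {
        if (connect.empty() || connect.size() != storage.size()) return false;
        if (actions.size() != connect.size()) return false;
        if (internalLen < sizeof(sockaddr_in)) return false;
        for (size_t i = 0; i < connect.size(); ++i)
            if (connect[i] != reinterpret_cast<const sockaddr*>(&storage[i])) return false;
        return true;
    }
};
```

In a filter, the members map onto the call's arguments in order: connect.data(), addressLength(), count(), &internal, &internalLen and, for the last parameter, actions.data().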

Requirements

Server     Requires Windows Server 2008 R2 or Windows Server 2008 x64 Edition with SP2.
Version    Requires Forefront Threat Management Gateway (TMG) 2010.
Header     Declared in Wspfwext.idl.
DLL        Requires Wspsrv.exe.

See Also

IFWXSession
IFWXFirewallAction
IFWXSession::AllowFutureConnect

Build date: 6/30/2010