Microsoft Internet Security and Acceleration Server 2000

IFWXSession::RedirectConnections Method

Enables connections by using a local, internal Firewall service address.

HRESULT RedirectConnections(
  LPSOCKADDR ConnectAddresses[],
  DWORD ConnectAddressLength,
  DWORD dwNumberOfAddresses,
  LPSOCKADDR InternalAddress,
  LPDWORD InternalAddressLength,
  LPSOCKADDR ProxyExternalAddress,
  DWORD ProxyExternalAddressLength,
  INT Protocol,
  DWORD dwFlags,
  REFGUID ProtocolGuid,
  IFWXSessionFilter *pSessionFilter,
  IUnknown *punkContext,


[in] Pointer to an array of pointers to sockaddr structures that contain the addresses to which the client connections will be redirected.
[in] Length, in bytes, of the addresses pointed to by the ConnectAddresses parameter.
[in] Number of addresses in the ConnectAddresses array.
[in] Pointer to a sockaddr structure that contains the address to which the client should connect instead of ConnectAddresses. This would be an internal IP address of the Firewall service.

When dwNumberOfAddresses is more than one, consecutive ports will be allocated by the Firewall service, and this parameter will contain the address by using the lowest port.

[in, out] Length, in bytes, of the InternalAddress parameter.
[in] Pointer to a sockaddr structure that contains the proxy external address used for the connection. This is useful in the case of multihomed proxy servers. Requesting a specific address ensures that a secondary connection uses the same proxy IP address as the primary. This parameter can be NULL, defaulting to INADDR_ANY and 0 (any port).
[in] Length, in bytes, of the ProxyExternalAddress structure.
[in] Protocol flags. This parameter can have the following flag values:
Value Description
FWX_PROTOCOL_TCP The connection will use a TCP socket.
FWX_PROTOCOL_UDP The connection will use a UDP socket.

[in] Connection flags. This parameter can be a combination of the following values:
Value Description
FWX_FLAG_ALLOW_MULTIPLE By default, a single outbound connection is expected. If this flag is specified, multiple connections to the same address will be possible.
FWX_FLAG_TIMEOUT The client is expected to use the permission shortly after the call. If the client does not make the connection, the permission automatically expires.
FWX_FLAG_NO_KERNEL_MODE The connection is forced to go through user-mode code, even if currently there seems to be no reason not to use kernel mode for the connection.

[in] GUID that identifies the protocol that the connection is part of. The GUID is the same GUID supplied to IFWXFilterAdmin::RegisterProtocolForFilter.
Optional. [in] Pointer to the IFWXSessionFilter object. Use with the UserContext parameter to receive the fwx_EstablishedConnection event from the proxy.
Optional. [in] Provides user context information regarding the connection. Use with the pSessionFilter parameter to receive the fwx_EstablishedConnection event from the Firewall service. This parameter can be NULL. Specify NULL if the fwx_EstablishedNotification notification is not required.
[out] Pointer to an array of IFWXFirewallAction interface pointers. The array is filled with pointers to IFWXFirewallAction interfaces to the firewall action objects created by this call. The array contains dwNumberOfAddresses pointers.


This method is intended for use by filters that act as an application proxy that has to establish secondary connections and give the same address as the primary connection for the secondary connection.

Filters for Firewall clients and for SecureNAT clients usually use AllowFutureConnect instead.

Calling this method causes all filters that are registered for connect events on the appropriate port to be notified. If no data filters are installed, a kernel-mode NAT redirection may result.

See Also

IFWXFirewallAction, IFWXSession::AllowFutureConnect, IFWXFilterAdmin::RegisterProtocolForFilter