From owner-freebsd-net@FreeBSD.ORG Fri Aug 31 10:28:11 2007 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 2ACDF16A417 for ; Fri, 31 Aug 2007 10:28:11 +0000 (UTC) (envelope-from freebsd@meijome.net) Received: from sigma.octantis.com.au (ns2.octantis.com.au [207.44.189.124]) by mx1.freebsd.org (Postfix) with ESMTP id ECEEA13C46B for ; Fri, 31 Aug 2007 10:28:10 +0000 (UTC) (envelope-from freebsd@meijome.net) Received: (qmail 8997 invoked from network); 31 Aug 2007 05:27:33 -0500 Received: from 124-170-70-31.dyn.iinet.net.au (HELO localhost) (124.170.70.31) by sigma.octantis.com.au with (DHE-RSA-AES256-SHA encrypted) SMTP; 31 Aug 2007 05:27:32 -0500 Date: Fri, 31 Aug 2007 20:27:29 +1000 From: Norberto Meijome To: FreeBSD Net ML , FreeBSD Questions ML Message-ID: <20070831202729.7e4c0f7a@localhost> X-Mailer: Claws Mail 2.10.0 (GTK+ 2.10.14; i386-portbld-freebsd6.2) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Cc: Subject: pf rdr + netsed : reinject loop... X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 31 Aug 2007 10:28:11 -0000 Hello everyone, I need your help / insight here :) My setup, 2 VMs, XP (WinXP) and BSD (FreeBSD 6.2) [XP ,172.16.82.81 ] --- [172.16.82.81,em1 BSD A.B.C.D,em0] --- The Interweb ---- [Other_servers_galore] A.B.C.D is a public IP. [Other_servers_galore] represents all and any servers XP wants to talk to . I really don't know either port or IP of these servers. BSD is performing as gateway for XP , with NAT on em0 using pf. I want to replace certain bytes (FOO) in TCP packets between XP and [Other_servers_galore] for other bytes (BAR). Vlad Galu pointed out that net/netsed can help with this (with overhead, i know, this is only a test ). (Thanks again! ) so what I have setup : 1) pf.conf has : ---- ext_if="em0" int_if="em1" nat on $ext_if from $internal_net to any -> ($ext_if) rdr on $int_if proto tcp from 172.16.82.81 to any -> 127.0.0.1 port 10101 ----- 2) I run netsed in transparent proxy mode as : netsed tcp 10101 0 0 s/FOO/BAR --- The traffic from XP gets redirected just fine to netsed, which replaces the bytes just fine. BUT the changed packets (the output of netsed) get reinjected somewhere so that the rdr hits them again, sending them back to netsed ad infinitum. ( yes, i managed to hit a load of 700+ without anything ever leaving BSD ...quite cool) Now, netsed works just fine in that setup if I define the IP, eg : pf.conf : ext_if="em0" int_if="em1" nat on $ext_if from $internal_net to any -> ($ext_if) rdr on $int_if proto tcp from 172.16.82.81 to O.P.Q.R -> 127.0.0.1 port 10101 netsed : netsed tcp 10101 O.P.Q.R 0 s/FOO/BAR traffic goes to the external server O.P.Q.R ... but this was just a proof of concept, as I really can't tell the remote IPs in advance How do I modify this setup so that netsed packets aren't caught again by pf's rdr and sent back into netsed ? I'm happy to try other tools / setups... thanks for your time and any help you can provide :) B _________________________ {Beto|Norberto|Numard} Meijome "Great spirits have often encountered violent opposition from mediocre minds." Albert Einstein I speak for myself, not my employer. Contents may be hot. Slippery when wet. Reading disclaimers makes you go blind. Writing them is worse. You have been Warned.