From owner-freebsd-net@FreeBSD.ORG Fri Aug 31 15:11:22 2007
Date: Sat, 1 Sep 2007 01:10:55 +1000
From: Norberto Meijome
To: Daniel Hartmeier
Cc: FreeBSD Net ML, FreeBSD Questions ML
Subject: Re: pf rdr + netsed : reinject loop...
Message-ID: <20070901011055.0ea76b88@localhost>
In-Reply-To: <20070831113353.GA30807@insomnia.benzedrine.cx>
References: <20070831202729.7e4c0f7a@localhost> <20070831113353.GA30807@insomnia.benzedrine.cx>
X-Mailer: Claws Mail 2.10.0 (GTK+ 2.10.14; i386-portbld-freebsd6.2)
List-Id: Networking and TCP/IP with FreeBSD

On Fri, 31 Aug 2007 13:33:53 +0200 Daniel Hartmeier wrote:

> b) Instead of replacing the destination address in pf with rdr, try
> leaving it as it is, but use route-to (lo0) to get the packet routed to
> the loopback interface. This would require netsed to listen on
> INADDR_ANY (or use a raw socket, I haven't checked its source code).
Hi Daniel,

I tried this but I only managed to lock up the BSD VM a couple of times (not even console access, so it was not just network affected). I am not sure if I've done this correctly ..

    pass in on $int_if route-to 127.0.0.1 proto tcp from 172.16.82.81 to O.P.Q.R tag ROUTED keep state

Is that ok? (Tried also doing route-to 127.0.0.1 $external_addr with no visible change.)

I have logging enabled specifically on lo0, but I don't see any packets going through. I am not entirely sure how netsed will pick up these packets. I've had netsed listening on *:{port} and 127.0.0.1:{port} and it obviously didn't make any difference.

Could you point me to any reference / sample of what you mean?

thx again,
B

_________________________
{Beto|Norberto|Numard} Meijome

I used to hate weddings; all the Grandmas would poke me and say, "You're next sonny!" They stopped doing that when I started to do it to them at funerals.

I speak for myself, not my employer. Contents may be hot. Slippery when wet. Reading disclaimers makes you go blind. Writing them is worse. You have been Warned.