Date: Fri, 31 Aug 2007 13:13:12 +0200
From: Mel <fbsd.questions@rachie.is-a-geek.net>
To: freebsd-questions@freebsd.org
Subject: Re: pf rdr + netsed : reinject loop...
Message-ID: <200708311313.12209.fbsd.questions@rachie.is-a-geek.net>
In-Reply-To: <20070831202729.7e4c0f7a@localhost>
References: <20070831202729.7e4c0f7a@localhost>

On Friday 31 August 2007 12:27:29 Norberto Meijome wrote:
> 1) pf.conf has :
> ----
> ext_if="em0"
> int_if="em1"
> nat on $ext_if from $internal_net to any -> ($ext_if)
> rdr on $int_if proto tcp from 172.16.82.81 to any -> 127.0.0.1 port 10101
> -----
> 2) I run netsed in transparent proxy mode as :
>
> netsed tcp 10101 0 0 s/FOO/BAR
>
> ---
> The traffic from XP gets redirected just fine to netsed, which replaces the
> bytes just fine. BUT the changed packets (the output of netsed) get
> reinjected somewhere so that the rdr hits them again, sending them back to
> netsed ad infinitum. ( yes, i managed to hit a load of 700+ without
> anything ever leaving BSD ...quite cool)

I think you're looking for tagging, for example:

rdr on $int_if proto tcp from 172.16.82.81 to any tag NETSED -> 127.0.0.1 port 10101

Then you need to figure out how they come back and pass them through, for
example:

pass in on $int_if proto tcp tagged NETSED keep state

See pf.conf(5) for more info. The examples section has one for spamd
redirection.

--
Mel