Date:      Sat, 1 Sep 2007 02:27:26 +1000
From:      Norberto Meijome <freebsd@meijome.net>
To:        Mel <fbsd.questions@rachie.is-a-geek.net>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: pf rdr + netsed : reinject loop...
Message-ID:  <20070901022726.1e629b2c@localhost>
In-Reply-To: <200708311740.07360.fbsd.questions@rachie.is-a-geek.net>
References:  <20070831202729.7e4c0f7a@localhost> <20070831113353.GA30807@insomnia.benzedrine.cx> <20070831231015.29fa7b07@localhost> <200708311740.07360.fbsd.questions@rachie.is-a-geek.net>

On Fri, 31 Aug 2007 17:40:06 +0200
Mel <fbsd.questions@rachie.is-a-geek.net> wrote:

> > netsed's output is (part ) :
> > ---
> > Script started on Fri Aug 31 07:52:12 2007
> > [root@localhost /usr/home/luser]# netsed tcp 10101 0 0  s/FOO/BAR
> > netsed 0.01b by Michal Zalewski <lcamtuf@ids.pl>
> > [*] Parsing rule s/FOO/BAR ...
> > [+] Loaded 1 rules...
> > [+] Listening on port 10101/tcp.
> > [+] Using dynamic (transparent proxy) forwarding.
> >
> > [+] Got incoming connection from 172.16.82.81:1178 to 127.0.0.1:10101
> > [*] Forwarding connection to 127.0.0.1:10101
> > [+] Got incoming connection from 127.0.0.1:51337 to 127.0.0.1:10101
> > [*] Forwarding connection to 127.0.0.1:10101
> > [+] Caught client -> server packet.  
> 
> I think you need to figure out what this 'transparent proxy mode' of netsed 
> does, cause it should under no circumstances forward to itself...

It simply forwards the packet to the dst_ip:dst_port it originally had. But, as Daniel H pointed out, those packets had been rewritten by pf's rdr to go TO netsed's ip:port... hence netsed won't change anything. It works fine in non-proxy mode, but as I said in my first msg, that is not an option for me.

So the obvious question is how to get the packets to netsed's IP:PORT without having the packet's original destination IP/PORT changed... maybe incorporating the netsed code into a socks5-compatible server (in my case, the app that generates the packets understands SOCKS). Alas, I am drawing a blank here atm.

Otherwise, I can only think that a new netgraph node would perform better than my current pf + netsed approach...

cheers,
B

_________________________
{Beto|Norberto|Numard} Meijome

"Ninety percent of the time things turn out worse than you thought they would.
 The other ten percent of the time you had no right to expect that much." 
  Augustine

I speak for myself, not my employer. Contents may be hot. Slippery when wet. Reading disclaimers makes you go blind. Writing them is worse. You have been Warned.
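An added model of the reinject loop discussed above (not code from the thread or from netsed): pf's rdr rewrites the destination to the listener, and a proxy that forwards to the address its accepted socket reports ends up connecting to itself, whereas one that asks the NAT table for the pre-rdr destination (on FreeBSD the DIOCNATLOOK ioctl on /dev/pf, modelled here as a dict) gets the real server. The client and listener addresses are taken from the quoted netsed output; the server address is a constructed placeholder.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Conn:
    src: tuple  # (ip, port) as seen by the host
    dst: tuple

# Addresses from the thread's netsed output plus a constructed server.
CLIENT = ("172.16.82.81", 1178)
SERVER = ("203.0.113.10", 80)       # placeholder original destination
NETSED = ("127.0.0.1", 10101)       # netsed's transparent listener

def pf_rdr(conn, nat_table, match_port=80, target=NETSED):
    """Model of 'rdr ... port 80 -> 127.0.0.1 port 10101': rewrite the
    destination and remember the original, keyed by the 4-tuple the
    proxy will later observe (what DIOCNATLOOK answers on real pf)."""
    if conn.dst[1] != match_port:
        return conn
    rewritten = Conn(conn.src, target)
    nat_table[(rewritten.src, rewritten.dst)] = conn.dst
    return rewritten

def target_from_socket(accepted):
    """netsed's dynamic mode as described in the thread: forward to the
    address the accepted socket reports as its own, i.e. the rewritten one."""
    return accepted.dst

def target_from_natlook(accepted, nat_table):
    """Recover the pre-rdr destination from the NAT state instead."""
    return nat_table.get((accepted.src, accepted.dst))

def would_loop(target, listener=NETSED):
    """Check a transparent proxy should make before connecting onward."""
    return target == listener

def run(use_natlook):
    """Return (forward target, loops back to listener?) for one connection."""
    nat_table = {}
    accepted = pf_rdr(Conn(CLIENT, SERVER), nat_table)
    if use_natlook:
        tgt = target_from_natlook(accepted, nat_table)
    else:
        tgt = target_from_socket(accepted)
    return tgt, would_loop(tgt)

if __name__ == "__main__":
    print("socket-based target:", run(False))   # loops back to 127.0.0.1:10101
    print("natlook-based target:", run(True))   # reaches the original server
```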
