From: Sami Halabi
Date: Sun, 17 Dec 2017 09:52:15 +0200
Subject: need help using ng_patch to modify src/dst packets or alternative way
To: freebsd-net@freebsd.org, FreeBSD Current

Hi,

Can you help with my situation? My goal is for a box in my LAN, 10.1.1.2, to talk to 10.1.1.1 while it would actually be talking to an outside IP X.X.X.X using one of my public IPs, say 1.1.1.1. I'm trying to modify packets to pass through to a local IP.

I have a box that a specific IP is routed to, say 1.1.1.1. In my bce0 I don't have that IP configured, but I have my public IP, say 2.2.2.2, that 1.1.1.1 is routed to. I configured 10.1.1.1/24 in bce0; my target box is 10.1.1.2/24.

I tried the following inside ngctl:

    mkpeer ipfw: patch 300 in
    name ipfw:300 src_dst_chg
    msg src_dst_chg: setconfig { count=2 csum_flags=1 ops=[ { mode=1 value=0x0a010101 length=4 offset=3 } { mode=1 value=0x0a010102 length=4 offset=4 } ] }

In my box (10.1.1.1) I did:

    sysctl net.inet.ip.fw.one_pass=0
    /sbin/ipfw add 50 netgraph 300 ip from any to any to 1.1.1.1

Then I do a simple ping from an outside box. I see the packets arrive on my 160 rule, but they never leave the box. I would at least see packets flow in one direction to 10.1.1.2, and then that needs another ipfw and netgraph opposite rule.

If you have an alternative way I'm happy to try it.

Help much appreciated.

Sami
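
Added example, not part of the original message and not FreeBSD code: a small Python model of what a byte-overwrite op does to an IPv4 header, comparing the offsets in the posted setconfig with the RFC 791 source (12) and destination (16) address offsets. It assumes each op overwrites `length` bytes at `offset` counted from the first byte of the IPv4 header, with the value written in network byte order; the helper names and the outside sender 203.0.113.7 are constructed for illustration.

```python
import socket
import struct

# RFC 791 fixed header layout: (byte offset, size, field name)
FIELDS = [(0, 1, "version/IHL"), (1, 1, "TOS"), (2, 2, "total length"),
          (4, 2, "identification"), (6, 2, "flags/fragment offset"),
          (8, 1, "TTL"), (9, 1, "protocol"), (10, 2, "header checksum"),
          (12, 4, "source address"), (16, 4, "destination address")]

def ipv4_checksum(header):
    """One's-complement sum of 16-bit words; 0 for a header that verifies."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), bytes(header)))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_header(src, dst, ttl=64, proto=1, payload_len=8):
    """20-byte IPv4 header (no options) with a valid checksum."""
    hdr = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len,
                                0x1234, 0, ttl, proto, 0,
                                socket.inet_aton(src), socket.inet_aton(dst)))
    struct.pack_into("!H", hdr, 10, ipv4_checksum(hdr))
    return hdr

def fields_touched(offset, length):
    """Names of header fields overlapped by bytes [offset, offset+length)."""
    end = offset + length
    return [name for start, size, name in FIELDS
            if start < end and offset < start + size]

def apply_set_op(hdr, value, length, offset):
    """Assumed 'set' semantics: overwrite bytes, then refresh the checksum."""
    out = bytearray(hdr)
    out[offset:offset + length] = value.to_bytes(length, "big")
    struct.pack_into("!H", out, 10, 0)
    struct.pack_into("!H", out, 10, ipv4_checksum(out))
    return out

def describe(hdr):
    return "%s -> %s, total length %d" % (socket.inet_ntoa(bytes(hdr[12:16])),
        socket.inet_ntoa(bytes(hdr[16:20])), struct.unpack_from("!H", hdr, 2)[0])

if __name__ == "__main__":
    pkt = build_header("203.0.113.7", "1.1.1.1")  # constructed outside sender
    for label, ops in (("offsets as posted", [(0x0a010101, 4, 3), (0x0a010102, 4, 4)]),
                       ("RFC 791 offsets", [(0x0a010101, 4, 12), (0x0a010102, 4, 16)])):
        out = pkt
        for value, length, offset in ops:
            print(label, "offset", offset, "touches", fields_touched(offset, length))
            out = apply_set_op(out, value, length, offset)
        print(label, "result:", describe(out))
```

Under these assumptions the posted offsets leave both addresses unchanged and alter the length, identification and fragment fields, while offsets 12 and 16 rewrite the source and destination addresses.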