Re: Please help with PF-based redirector

---

• From: Max Laier <max@xxxxxxxxxxxxxx>
• Date: Mon, 16 Apr 2007 13:59:19 +0200

---

On Sunday 15 April 2007 20:11, Alex Povolotsky wrote:

Hello!

I'm trying to set up a box as round-robin TCP proxy. Of course, I'm
trying to do everything on kernel-level.

This simple setup

rdr on sk0 proto tcp from any to any port = smtp -> <outbound> port 25
round-robin

should work. At least, I thought so.

However, attempt to connect to port 25 yielded unexpected result. pfctl
-s state shows

self tcp 89.108.94.212:25 <- 89.108.94.91:25 <-
89.108.94.211:56975 CLOSED:SYN_SENT

Your test hosts seem to be on the same subnet. This does not work as you
seems to think. In the same broadcast domain it is not possible for the
pf box to forward the packet on behalf of the sending host (otherwise it
would confuse the recipient or the switch). Instead it emits icmp
redirects which are ignored in a normal setup.

You have to separate the two networks in order for redirect to work the
way you want it to.

connection never established, and no IP packet ever sends out to
89.108.94.212:25

I don't understand this thing. Maybe someone can point me to my error?

(firewall rules a quite permissive, in fact, they are pass in quick and
pass out quick for all interfaces. attempt to telnet to port 25 outside
works ok)

Alex.

_______________________________________________
freebsd-net@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@xxxxxxxxxxx"

--
/"\ Best regards, | mlaier@xxxxxxxxxxx
\ / Max Laier | ICQ #67774661
X http://pf4freebsd.love2party.net/ | mlaier@EFnet
/ \ ASCII Ribbon Campaign | Against HTML Mail and News

Attachment: pgpxtrT0ZZTS2.pgp
Description: PGP signature

---

• Follow-Ups:
  • Re: Please help with PF-based redirector
    • From: Alex Povolotsky
  • Re: Please help with PF-based redirector
    • From: Alex Povolotsky
  • Re: Please help with PF-based redirector
    • From: Alex Povolotsky

• References:
  • Please help with PF-based redirector
    • From: Alex Povolotsky

• Prev by Date: Current problem reports assigned to you
• Next by Date: Re: Please help with PF-based redirector
• Previous by thread: Please help with PF-based redirector
• Next by thread: Re: Please help with PF-based redirector
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Please help with PF-based redirector ... I'm trying to set up a box as round-robin TCP proxy. ... Your test hosts seem to be on the same subnet. ... Instead it emits icmp redirects which are ignored in a normal setup. ... (freebsd-net) redirecting pf example ... I'm trying to set up a box as round-robin TCP proxy. ... I'm trying to do everything on kernel-level. ... This simple setup ... attempt to connect to port 25 yielded unexpected result. ... (freebsd-net) Please help with PF-based redirector ... I'm trying to set up a box as round-robin TCP proxy. ... I'm trying to do everything on kernel-level. ... This simple setup ... attempt to connect to port 25 yielded unexpected result. ... (freebsd-net)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• Mailing-Lists
• Newsgroups
• About
• Privacy
• Search
• Imprint

unix.derkeiler.com  > Mailing-Lists  > FreeBSD  > net  > 2007-04