Re: pf rdr + netsed : reinject loop...



On Fri, 31 Aug 2007 13:33:53 +0200
Daniel Hartmeier <daniel@xxxxxxxxxxxxx> wrote:

> b) Instead of replacing the destination address in pf with rdr, try
> leaving it as it is, but use route-to (lo0) to get the packet routed to
> the loopback interface. This would require netsed to listen on
> INADDR_ANY (or use a raw socket, I haven't checked its source code).

Hi Daniel,
I tried this, but I only managed to lock up the BSD VM a couple of times (not even console access, so it was not just the network that was affected). I am not sure if I've done this correctly.

pass in on $int_if route-to 127.0.0.1 proto tcp from 172.16.82.81 to O.P.Q.R tag ROUTED keep state

Is that ok? (I also tried route-to 127.0.0.1 $external_addr with no visible change.) I have logging enabled specifically on lo0, but I don't see any packets going through.

I am not entirely sure how netsed will pick up these packets. I've had netsed listening on *:{port} and 127.0.0.1:{port}, and it obviously didn't make any difference. Could you point me to any reference / sample of what you mean?

thx again,
B

_________________________
{Beto|Norberto|Numard} Meijome

I used to hate weddings; all the Grandmas would poke me and
say, "You're next sonny!" They stopped doing that when i
started to do it to them at funerals.

I speak for myself, not my employer. Contents may be hot. Slippery when wet. Reading disclaimers makes you go blind. Writing them is worse. You have been Warned.
_______________________________________________
freebsd-net@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@xxxxxxxxxxx"
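For reference, the route-to option documented in pf.conf(5) takes a route-host of the form "interface-name" or "( interface-name [ address ] )"; a bare address such as "route-to 127.0.0.1" does not match that grammar. The fragment below is an added example written for this page, not a rule from the thread, from Daniel's reply or from netsed's documentation. The interface name em0, the macro names and the extra pass rule on lo0 are assumptions; O.P.Q.R is the same placeholder destination used in the post above.

```pf
# Added example (not from the thread): pf.conf fragment that steers one
# client's traffic to the loopback interface with route-to instead of
# rewriting the destination with rdr. em0 and the lo0 rule are assumptions.
int_if = "em0"                 # assumed internal interface
client = "172.16.82.81"        # client address from the post
target = "O.P.Q.R"             # placeholder destination, as in the post

# route-to needs "( interface [address] )" per pf.conf(5); the address
# alone is not a valid route-host.
pass in quick log on $int_if route-to (lo0 127.0.0.1) proto tcp \
    from $client to $target tag ROUTED keep state

# pf filters on lo0 too unless "set skip on lo0" is in effect, so the
# rerouted packets need a rule there; matching on the tag keeps the rule
# from catching unrelated loopback traffic.
pass in quick log on lo0 tagged ROUTED keep state
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it, and watch `tcpdump -n -e -ttt -i pflog0` to see whether anything tagged ROUTED shows up on lo0 at all. Whether a socket bound to INADDR_ANY then accepts a connection whose destination is not a local address is the point Daniel left open, and this fragment does not settle it.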
