Re: pf rdr + netsed : reinject loop...
- From: Mel <fbsd.questions@xxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 31 Aug 2007 13:13:12 +0200
On Friday 31 August 2007 12:27:29 Norberto Meijome wrote:
> 1) pf.conf has:
> ----
> ext_if="em0"
> int_if="em1"
> nat on $ext_if from $internal_net to any -> ($ext_if)
> rdr on $int_if proto tcp from 172.16.82.81 to any -> 127.0.0.1 port 10101
> -----
> 2) I run netsed in transparent proxy mode as:
> netsed tcp 10101 0 0 s/FOO/BAR
> ---
> The traffic from XP gets redirected just fine to netsed, which replaces the
> bytes just fine. BUT the changed packets (the output of netsed) get
> reinjected somewhere so that the rdr hits them again, sending them back to
> netsed ad infinitum. (yes, I managed to hit a load of 700+ without
> anything ever leaving BSD ...quite cool)
I think you're looking for tagging, for example:
rdr on $int_if proto tcp from 172.16.82.81 to any tag NETSED -> 127.0.0.1 port 10101
Then you need to figure out how they come back and pass them through, for
example:
pass in on $int_if proto tcp tagged NETSED keep state
See pf.conf(5) for more info. The examples section has one for spamd
redirection.
--
Mel
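As an added example (not code from either post), here is how the original pf.conf fragment and the tagging suggestion above fit together into one rule set; the value of $internal_net, the `set skip on lo0` line and the `pass out` rule are assumptions, since the thread does not show them:

```conf
# Added example: /etc/pf.conf combining the quoted rules with the NETSED tag.
# ext_if, int_if, the nat rule, the rdr target and the tag name come from
# the thread; everything marked "assumed" is not from either post.
ext_if="em0"
int_if="em1"
internal_net="172.16.82.0/24"   # assumed; the original post does not define it
netsed_client="172.16.82.81"

# The rdr target is 127.0.0.1, so redirected packets traverse lo0;
# skipping lo0 keeps pf from evaluating them a second time there (assumed).
set skip on lo0

nat on $ext_if from $internal_net to any -> ($ext_if)

# Redirect the XP host's TCP traffic to netsed and tag the resulting state.
rdr on $int_if proto tcp from $netsed_client to any tag NETSED -> 127.0.0.1 port 10101

# Pass the tagged (redirected) connections in on the internal interface ...
pass in on $int_if proto tcp tagged NETSED keep state
# ... and let netsed's own outbound connections leave via $ext_if (assumed rule).
pass out on $ext_if proto tcp keep state
```

`pfctl -nf /etc/pf.conf` parses the file without loading it, so a syntax slip in the tag or rdr line is caught before the rule set goes live.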