Re: pf rdr + netsed : reinject loop...



On Friday 31 August 2007 18:27:26 Norberto Meijome wrote:
On Fri, 31 Aug 2007 17:40:06 +0200

Mel <fbsd.questions@xxxxxxxxxxxxxxxxxxxx> wrote:
netsed's output is (part):
---
Script started on Fri Aug 31 07:52:12 2007
[root@localhost /usr/home/luser]# netsed tcp 10101 0 0 s/FOO/BAR
netsed 0.01b by Michal Zalewski <lcamtuf@xxxxxx>
[*] Parsing rule s/FOO/BAR ...
[+] Loaded 1 rules...
[+] Listening on port 10101/tcp.
[+] Using dynamic (transparent proxy) forwarding.

[+] Got incoming connection from 172.16.82.81:1178 to 127.0.0.1:10101
[*] Forwarding connection to 127.0.0.1:10101
[+] Got incoming connection from 127.0.0.1:51337 to 127.0.0.1:10101
[*] Forwarding connection to 127.0.0.1:10101
[+] Caught client -> server packet.

I think you need to figure out what this 'transparent proxy mode' of
netsed does, cause it should under no circumstances forward to itself...

it simply forwards the packet to the dst_ip:dst_port it originally had.
But, as Daniel H pointed out, those packets had been rewritten by pf's rdr
to go TO netsed's ip:port .... hence netsed won't change anything. It works
fine in non-proxy mode, but as I said in my first msg, that is not an
option for me.

OK, I just tried to verify if rdr rewrites dest and indeed it does from
netsed's point of view (didn't know my machine could go to 100 load and still
catch SIGINT).

Now I wonder how ftp-proxy(8) ever gets the server address. Time to view the
source.
--
Mel
_______________________________________________
freebsd-questions@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@xxxxxxxxxxx"