From owner-freebsd-pf@FreeBSD.ORG  Tue Nov  4 09:33:49 2008
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 157921065674
	for <freebsd-pf@freebsd.org>; Tue,  4 Nov 2008 09:33:49 +0000 (UTC)
	(envelope-from mk@adminlife.net)
Received: from mx.adminlife.net (mx.adminlife.net [85.214.17.98])
	by mx1.freebsd.org (Postfix) with ESMTP id CBEEB8FC1D
	for <freebsd-pf@freebsd.org>; Tue,  4 Nov 2008 09:33:48 +0000 (UTC)
	(envelope-from mk@adminlife.net)
Received: from [192.168.0.51] (p54881D2F.dip0.t-ipconnect.de [84.136.29.47])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	(Authenticated sender: matthias@adminlife.net)
	by mx.adminlife.net (Postfix) with ESMTPSA id BF5A1125403
	for <freebsd-pf@freebsd.org>; Tue,  4 Nov 2008 10:14:58 +0100 (CET)
Message-ID: <491012AE.7000409@adminlife.net>
Date: Tue, 04 Nov 2008 10:15:26 +0100
From: Matthias Kellermann <mk@adminlife.net>
User-Agent: Thunderbird 2.0.0.17 (X11/20080925)
MIME-Version: 1.0
To: freebsd-pf@freebsd.org
X-Enigmail-Version: 0.95.7
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Subject: rdr rule does not work (bad hdr length)
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
	\(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 04 Nov 2008 09:33:49 -0000

Hi list,

I'm trying to set up a simple rdr rule in pf (7.0-RELEASE-p5).

I have two hosts - host a (192.168.0.250) and host b (192.168.0.10) - in
a local network and want to forward one port from host a to host b.

host a is the pf host. This is the rule to redirect traffic from host a
to b:

rdr proto tcp from any to 192.168.0.250 port 23 -> 192.168.0.10
pass log (all) proto tcp from any to 192.168.0.10 port 23 synproxy state

If I try to get a telnet connection from my client 192.168.0.51 the
connection gets stuck and nothing happens. This is the output of tcpdump
on the pflog0 interface:

# tcpdump -netttvvi pflog0
000000 rule 0/0(match): pass in on sis0: (tos 0x10, ttl 64, id 26668,
offset 0, flags [DF], proto TCP (6), length 60) 192.168.0.51.54460 >
192.168.0.10.23: [|tcp]
000266 rule 0/0(match): pass out on sis0: (tos 0x10, ttl 64, id 25527,
offset 0, flags [DF], proto TCP (6), length 44) 192.168.0.51.54460 >
192.168.0.10.23:  tcp 24 [bad hdr length 0 - too short, < 20]

Anybody has an idea whats wrong here?


Regards,
Matthias