From: "Kristof Provost"
To: "no@spam@mgedv.net"
Cc: freebsd-questions@freebsd.org
Subject: Re: pf/nat guru needed: fwd of packet to 255.255.255.255
Date: Tue, 17 Oct 2017 15:18:40 +0200

On 16 Oct 2017, at 22:50, no@spam@mgedv.net wrote:
> hi folks,
>
> short: anyone out there knows, how to redir & forward packets to
> 255.255.255.255?
>
> preface: i need to get a crappy, stupid, very (!) wrong programmed device
> running.
> and i know this crapdev violates RFCs, so this is the wrong story for RTFM
> hints ;)
>
> the BSD box setup:
> freebsd 11.1, amd64.
> - interface "A": 10.10.21.1/24, MTU1500
> - interface "B": 10.10.22.1/24, MTU1500
>
> the (crapdev) source generates an ipv4 UDP packet as follows:
> - source address 10.10.21.11, port >1023
> - target hw addr: ff:ff:ff:ff:ff:ff
> - target ipv4 addr: 255.255.255.255 port 4444
> - payload ~ 500 bytes, so it fits inside 1 packet.
>

I would not be surprised if that packet also has a TTL of 1. In fact,
I’d consider it a bug if it had a different value.

You could probably set a scrub rule to change it, so the packet can be
forwarded, but I’d be very tempted to just run a proxy for this, rather
than trying to fix it with pf.

It might even be possible to get the appropriate socat incantation to do
it, so maybe you don’t even need to write any code for this.

Regards,
Kristof
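
Added example, not part of the message above or of the original thread: a small userland relay of the kind the reply suggests, written in Python. The port, device address and interface addresses come from the quoted question; the forwarding destination (10.10.22.255:4444) is an assumption, since the thread does not say where the data has to end up.

```python
#!/usr/bin/env python3
"""Userland relay for the device's UDP broadcasts (added example)."""
import socket

# Values taken from the quoted question.
LISTEN_PORT = 4444             # device sends to 255.255.255.255:4444
DEVICE_ADDR = "10.10.21.11"    # the only source address that is relayed
MAX_PAYLOAD = 1472             # one unfragmented UDP datagram at MTU 1500
# Assumption: directed broadcast on interface "B"; not stated in the thread.
FORWARD_TO = ("10.10.22.255", 4444)


def open_listener(bind_addr="0.0.0.0", port=LISTEN_PORT):
    """UDP socket that receives the broadcasts arriving on interface A."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    s.bind((bind_addr, port))
    return s


def open_sender(source_addr="10.10.22.1"):
    """UDP socket bound to interface B's address, allowed to broadcast."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
    s.bind((source_addr, 0))
    return s


def relay_once(listener, sender, dest=FORWARD_TO, allowed_src=DEVICE_ADDR):
    """Relay one datagram; return True if forwarded, False if dropped."""
    data, (src_ip, _src_port) = listener.recvfrom(65535)
    # UDP source addresses are not authenticated; this only keeps
    # unrelated broadcast traffic on port 4444 off the second segment.
    if src_ip != allowed_src:
        return False
    if not data or len(data) > MAX_PAYLOAD:
        return False
    # The payload goes out in a new packet, so the kernel assigns a
    # fresh TTL and the incoming packet's TTL no longer matters.
    sender.sendto(data, dest)
    return True


if __name__ == "__main__":
    rx, tx = open_listener(), open_sender()
    while True:
        relay_once(rx, tx)
```
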