From owner-freebsd-questions@FreeBSD.ORG Fri Aug 31 11:29:34 2007
From: Mel
To: freebsd-questions@freebsd.org
Date: Fri, 31 Aug 2007 13:13:12 +0200
Subject: Re: pf rdr + netsed : reinject loop...
Message-Id: <200708311313.12209.fbsd.questions@rachie.is-a-geek.net>
In-Reply-To: <20070831202729.7e4c0f7a@localhost>

On Friday 31 August 2007 12:27:29 Norberto Meijome wrote:
> 1) pf.conf has :
> ----
> ext_if="em0"
> int_if="em1"
> nat on $ext_if from $internal_net to any -> ($ext_if)
> rdr on $int_if proto tcp from 172.16.82.81 to any -> 127.0.0.1 port 10101
> -----
> 2) I run netsed in transparent proxy mode as :
>
> netsed tcp 10101 0 0 s/FOO/BAR
>
> ---
> The traffic from XP gets redirected just fine to netsed, which replaces the
> bytes just fine. BUT the changed packets (the output of netsed) get
> reinjected somewhere so that the rdr hits them again, sending them back to
> netsed ad infinitum. (yes, I managed to hit a load of 700+ without
> anything ever leaving BSD ... quite cool)

I think you're looking for tagging, for example:

rdr on $int_if proto tcp from 172.16.82.81 to any tag NETSED -> 127.0.0.1 port 10101

Then you need to figure out how they come back and pass them through, for example:

pass in on $int_if proto tcp tagged NETSED keep state

See pf.conf(5) for more info. The examples section has one for spamd redirection.

-- 
Mel
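An added check, not part of the thread, for spotting the runaway state growth Norberto describes before the load climbs: it reads `pfctl -ss` output and counts states whose destination is the netsed rdr target (127.0.0.1:10101 from the quoted pf.conf), failing when the count passes a threshold. The state lines below are constructed, and the parser assumes pf's `pfctl -ss` layout with the (rewritten) destination as the third field.

```sh
#!/bin/sh
# Added example, not from the thread: flag a suspicious number of pf states
# that terminate at the netsed rdr target. Feed it `pfctl -ss` on stdin.
PROXY="127.0.0.1:10101"   # rdr target taken from the quoted pf.conf

# count_proxy_states: number of tcp state lines whose destination is $PROXY.
# Assumed `pfctl -ss` layout (constructed here, check against your release):
#   em1 tcp 127.0.0.1:10101 (10.0.0.2:80) <- 172.16.82.81:1030  ESTABLISHED:ESTABLISHED
# field 2 is the protocol, field 3 the rewritten destination, the original
# destination follows in parentheses.
count_proxy_states() {
    awk -v proxy="$PROXY" '
        $2 == "tcp" && $3 == proxy { n++ }
        END { print n + 0 }'
}

# check_loop LIMIT: return 1 (and warn) when more than LIMIT states point at
# the proxy; a healthy box should only show a handful for one client.
check_loop() {
    limit=$1
    n=$(count_proxy_states)
    if [ "$n" -gt "$limit" ]; then
        echo "WARNING: $n states to $PROXY (limit $limit): possible rdr loop" >&2
        return 1
    fi
    echo "ok: $n states to $PROXY"
    return 0
}

# Constructed sample state table: three redirected states plus one unrelated.
SAMPLE_STATES='em1 tcp 127.0.0.1:10101 (10.0.0.2:80) <- 172.16.82.81:1030   ESTABLISHED:ESTABLISHED
em1 tcp 127.0.0.1:10101 (10.0.0.2:80) <- 172.16.82.81:1031   ESTABLISHED:ESTABLISHED
em1 tcp 127.0.0.1:10101 (10.0.0.2:80) <- 172.16.82.81:1032   ESTABLISHED:ESTABLISHED
em0 tcp 10.0.0.2:80 <- 172.16.82.81:1030   ESTABLISHED:ESTABLISHED'

# Demo on the sample: three proxy states exceed a limit of 2.
printf '%s\n' "$SAMPLE_STATES" | check_loop 2 || echo "demo: loop detected (exit $?)"
```

On a live box run `pfctl -ss | check_loop 50` (after sourcing the file) from cron or a monitoring hook; the threshold is a guess to tune per site.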