From owner-freebsd-questions@FreeBSD.ORG Fri Aug 31 16:27:47 2007
Date: Sat, 1 Sep 2007 02:27:26 +1000
From: Norberto Meijome
To: Mel
Cc: freebsd-questions@freebsd.org
Subject: Re: pf rdr + netsed : reinject loop...
Message-ID: <20070901022726.1e629b2c@localhost>
In-Reply-To: <200708311740.07360.fbsd.questions@rachie.is-a-geek.net>
References: <20070831202729.7e4c0f7a@localhost> <20070831113353.GA30807@insomnia.benzedrine.cx> <20070831231015.29fa7b07@localhost> <200708311740.07360.fbsd.questions@rachie.is-a-geek.net>
X-Mailer: Claws Mail 2.10.0 (GTK+ 2.10.14; i386-portbld-freebsd6.2)

On Fri, 31 Aug 2007 17:40:06 +0200
Mel wrote:

> > netsed's output is (part):
> > ---
> > Script started on Fri Aug 31 07:52:12 2007
> > [root@localhost /usr/home/luser]# netsed tcp 10101 0 0 s/FOO/BAR
> > netsed 0.01b by Michal Zalewski
> > [*] Parsing rule s/FOO/BAR ...
> > [+] Loaded 1 rules...
> > [+] Listening on port 10101/tcp.
> > [+] Using dynamic (transparent proxy) forwarding.
> >
> > [+] Got incoming connection from 172.16.82.81:1178 to 127.0.0.1:10101
> > [*] Forwarding connection to 127.0.0.1:10101
> > [+] Got incoming connection from 127.0.0.1:51337 to 127.0.0.1:10101
> > [*] Forwarding connection to 127.0.0.1:10101
> > [+] Caught client -> server packet.
>
> I think you need to figure out what this 'transparent proxy mode' of netsed
> does, cause it should under no circumstances forward to itself...

It simply forwards the packet to the dst_ip:dst_port it originally had. But, as
Daniel H pointed out, those packets had been rewritten by pf's rdr to go TO
netsed's ip:port... hence netsed won't change anything.

It works fine in non-proxy mode, but as I said in my first msg, that is not an
option for me.

So the obvious question is how to get the packets to netsed's IP:PORT without
having the packet's original destination IP/PORT changed... maybe incorporating
the netsed code into a SOCKS5-compatible server (in my case, the app that
generates the packets understands SOCKS). Alas, I am drawing a blank here atm.

Otherwise, I can only think that a new netgraph node would perform better than
my current pf + netsed approach....

cheers,
B

_________________________
{Beto|Norberto|Numard} Meijome

"Ninety percent of the time things turn out worse than you thought they would.
The other ten percent of the time you had no right to expect that much."
  Augustine

I speak for myself, not my employer. Contents may be hot. Slippery when wet.
Reading disclaimers makes you go blind. Writing them is worse. You have been Warned.
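The loop in the log above is what happens when a transparent proxy trusts getsockname(): after pf's rdr the accepted socket's local address is the proxy's own 127.0.0.1:10101, so "forward to the original destination" means "connect to myself". pf keeps the pre-rdr address in its state table and exposes it to userland through the DIOCNATLOOK ioctl on /dev/pf, which is how ftp-proxy and spamd recover the real destination. The following is an added example, not netsed's code and not from anyone in this thread. It assumes FreeBSD (or OpenBSD) pf with a rule along the lines of `rdr on $int_if proto tcp from any to any port 80 -> 127.0.0.1 port 10101`, a process with read access to /dev/pf, and the proxy port 10101 from the log; the rdr rule, the interface name and the helper names are illustrative. On a system without pf the lookup compiles to a stub that fails with ENOSYS, so the loop check can still be exercised.

```c
/*
 * Recover the pre-rdr destination of a connection that pf redirected to this
 * host by querying pf's state table (DIOCNATLOOK) instead of getsockname(),
 * which only yields the rewritten 127.0.0.1:10101 seen in the netsed log.
 *
 * Added example, not netsed's or the poster's code. Assumes FreeBSD/OpenBSD pf
 * and a rule such as (illustrative):
 *   rdr on $int_if proto tcp from any to any port 80 -> 127.0.0.1 port 10101
 */
#include <sys/types.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#if defined(__FreeBSD__) || defined(__OpenBSD__)
#include <net/if.h>
#include <net/pfvar.h>
#define HAVE_PF 1
#endif

/* Build an IPv4 sockaddr from host-order values (helper for this example). */
struct sockaddr_in in4(uint32_t host_ip, uint16_t host_port)
{
    struct sockaddr_in sa;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(host_ip);
    sa.sin_port = htons(host_port);
    return sa;
}

/* Ask pf for the address the client originally dialed.
 * client: getpeername() of the accepted socket
 * local:  getsockname() of the accepted socket (the rewritten rdr target)
 * orig:   filled with the pre-rdr destination on success
 * Returns 0 on success, -1 with errno set otherwise (ENOSYS without pf). */
int pf_original_dst(int pfdev, const struct sockaddr_in *client,
                    const struct sockaddr_in *local, struct sockaddr_in *orig)
{
#ifdef HAVE_PF
    struct pfioc_natlook pnl;

    memset(&pnl, 0, sizeof pnl);
    pnl.af = AF_INET;
    pnl.proto = IPPROTO_TCP;
    pnl.direction = PF_OUT;          /* rdr'd states are keyed this way */
    pnl.saddr.v4 = client->sin_addr;
    pnl.sport = client->sin_port;
    pnl.daddr.v4 = local->sin_addr;
    pnl.dport = local->sin_port;
    if (ioctl(pfdev, DIOCNATLOOK, &pnl) == -1)
        return -1;
    *orig = in4(0, 0);
    orig->sin_addr = pnl.rdaddr.v4;  /* destination before rdr rewrote it */
    orig->sin_port = pnl.rdport;
    return 0;
#else
    (void)pfdev; (void)client; (void)local; (void)orig;
    errno = ENOSYS;                  /* no pf on this platform: never guess */
    return -1;
#endif
}

/* The failure mode from the log: the destination we are about to dial is our
 * own listening socket. Returns 1 if connecting would reinject into ourselves. */
int would_loop(const struct sockaddr_in *dst, const struct sockaddr_in *listen_addr)
{
    return dst->sin_addr.s_addr == listen_addr->sin_addr.s_addr &&
           dst->sin_port == listen_addr->sin_port;
}

#ifdef HAVE_PF
/* Minimal accept loop: report where each redirected client really wanted to go. */
int main(void)
{
    struct sockaddr_in me = in4(INADDR_LOOPBACK, 10101), client, local, orig;
    char cbuf[INET_ADDRSTRLEN], obuf[INET_ADDRSTRLEN];
    socklen_t len;
    int pfdev, ls, cs;

    /* DIOCNATLOOK is among the ioctls pf permits on a read-only descriptor. */
    if ((pfdev = open("/dev/pf", O_RDONLY)) == -1) { perror("/dev/pf"); return 1; }
    ls = socket(AF_INET, SOCK_STREAM, 0);
    if (bind(ls, (struct sockaddr *)&me, sizeof me) == -1 || listen(ls, 16) == -1) {
        perror("listen"); return 1;
    }
    for (;;) {
        len = sizeof client;
        if ((cs = accept(ls, (struct sockaddr *)&client, &len)) == -1) continue;
        len = sizeof local;
        getsockname(cs, (struct sockaddr *)&local, &len);
        if (pf_original_dst(pfdev, &client, &local, &orig) == -1 || would_loop(&orig, &me)) {
            fprintf(stderr, "no usable original destination, dropping\n");
            close(cs);
            continue;
        }
        printf("%s:%u wanted %s:%u\n",
               inet_ntop(AF_INET, &client.sin_addr, cbuf, sizeof cbuf), ntohs(client.sin_port),
               inet_ntop(AF_INET, &orig.sin_addr, obuf, sizeof obuf), ntohs(orig.sin_port));
        /* connect() to orig and relay both directions here (rewriting payload if desired) */
        close(cs);
    }
}
#endif
```

Run it as a process that can open /dev/pf while the rdr rule is in place; a client redirected by pf shows up as "172.16.82.81:1178 wanted 10.0.0.5:80" instead of the self-referential 127.0.0.1:10101 in the netsed log. The would_loop() guard is cheap insurance for the case where the lookup silently returns the proxy's own address (for example when the state was not created by rdr at all).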