From owner-freebsd-questions@FreeBSD.ORG Fri Aug 31 17:13:00 2007
From: Mel
To: freebsd-questions@freebsd.org
Date: Fri, 31 Aug 2007 19:12:42 +0200
User-Agent: KMail/1.9.7
References: <20070831202729.7e4c0f7a@localhost> <200708311740.07360.fbsd.questions@rachie.is-a-geek.net> <20070901022726.1e629b2c@localhost>
In-Reply-To: <20070901022726.1e629b2c@localhost>
Message-Id: <200708311912.43272.fbsd.questions@rachie.is-a-geek.net>
Subject: Re: pf rdr + netsed : reinject loop...

On Friday 31 August 2007 18:27:26 Norberto Meijome wrote:
> On Fri, 31 Aug 2007 17:40:06 +0200
>
> Mel wrote:
>
> > > netsed's output is (part):
> > > ---
> > > Script started on Fri Aug 31 07:52:12 2007
> > > [root@localhost /usr/home/luser]# netsed tcp 10101 0 0 s/FOO/BAR
> > > netsed 0.01b by Michal Zalewski
> > > [*] Parsing rule s/FOO/BAR ...
> > > [+] Loaded 1 rules...
> > > [+] Listening on port 10101/tcp.
> > > [+] Using dynamic (transparent proxy) forwarding.
> > >
> > > [+] Got incoming connection from 172.16.82.81:1178 to 127.0.0.1:10101
> > > [*] Forwarding connection to 127.0.0.1:10101
> > > [+] Got incoming connection from 127.0.0.1:51337 to 127.0.0.1:10101
> > > [*] Forwarding connection to 127.0.0.1:10101
> > > [+] Caught client -> server packet.
> >
> > I think you need to figure out what this 'transparent proxy mode' of
> > netsed does, cause it should under no circumstances forward to itself...
>
> it simply forwards the packet to the dst_ip:dst_port it originally had.
> But, as Daniel H pointed out, those packets had been rewritten by pf's rdr
> to go TO netsed's ip:port .... hence netsed won't change anything. It works
> fine in non-proxy mode, but as I said in my first msg, that is not an
> option for me.

OK, I just tried to verify if rdr rewrites dest and indeed it does from
netsed's point of view (didn't know my machine could go to 100 load and still
catch SIGINT).

Now I wonder how ftp-proxy(8) ever gets the server address. Time to view the
source.

--
Mel
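The question Mel closes with (how ftp-proxy(8) learns the real server address once rdr has replaced the destination with the proxy's own) is answered by pf itself: a transparent proxy asks the NAT state table through the DIOCNATLOOK ioctl on /dev/pf, which is exactly why netsed, which only reuses the already-rewritten destination, loops back to itself. The sketch below is an added example, not code from this thread or from ftp-proxy; it transcribes struct pfioc_natlook and FreeBSD's _IOWR encoding by hand (an assumption to verify against your release's <net/pfvar.h> and <sys/ioccom.h>) and handles IPv4 TCP only.

```python
import ctypes
import fcntl
import socket

# Hand-transcribed mirror of struct pfioc_natlook (<net/pfvar.h>); assumption,
# check field order and padding against the header of your FreeBSD release.
class pf_addr(ctypes.Union):
    _fields_ = [("v4", ctypes.c_uint8 * 4), ("v6", ctypes.c_uint8 * 16),
                ("addr32", ctypes.c_uint32 * 4)]

class pfioc_natlook(ctypes.Structure):
    _fields_ = [("saddr", pf_addr), ("daddr", pf_addr),
                ("rsaddr", pf_addr), ("rdaddr", pf_addr),
                ("sport", ctypes.c_uint16), ("dport", ctypes.c_uint16),
                ("rsport", ctypes.c_uint16), ("rdport", ctypes.c_uint16),
                ("af", ctypes.c_uint8), ("proto", ctypes.c_uint8),
                ("direction", ctypes.c_uint8)]

PF_OUT = 2  # <net/pfvar.h>: PF_INOUT = 0, PF_IN = 1, PF_OUT = 2
NATLOOK_SIZE = ctypes.sizeof(pfioc_natlook)  # 4*16 + 4*2 + 3, padded to 76

def _iowr(group, num, size):
    """FreeBSD _IOWR() encoding from <sys/ioccom.h>: IOC_INOUT | len | group | num."""
    return 0xC0000000 | ((size & 0x1FFF) << 16) | (ord(group) << 8) | num

DIOCNATLOOK = _iowr("D", 23, NATLOOK_SIZE)

def build_lookup(client, proxy):
    """Fill the request for an accepted IPv4 TCP connection: client is the
    socket's getpeername(), proxy its getsockname(); ports in host order."""
    nl = pfioc_natlook()
    nl.af, nl.proto, nl.direction = socket.AF_INET, socket.IPPROTO_TCP, PF_OUT
    nl.saddr.v4[:] = list(socket.inet_aton(client[0]))
    nl.daddr.v4[:] = list(socket.inet_aton(proxy[0]))
    nl.sport, nl.dport = socket.htons(client[1]), socket.htons(proxy[1])
    return nl

def rewritten_destination(nl):
    """Read back the destination the rdr rule replaced (rdaddr/rdport)."""
    return socket.inet_ntoa(bytes(nl.rdaddr.v4)), socket.ntohs(nl.rdport)

def original_destination(sock):
    """What a transparent proxy must do instead of trusting the socket's
    destination: ask pf which server the client really wanted."""
    nl = build_lookup(sock.getpeername()[:2], sock.getsockname()[:2])
    with open("/dev/pf", "rb") as pf:
        fcntl.ioctl(pf.fileno(), DIOCNATLOOK, nl)  # kernel fills rd* fields
    return rewritten_destination(nl)
```

A proxy that connects onward to the result of original_destination() rather than to the accepted socket's own address avoids the 127.0.0.1:10101 to 127.0.0.1:10101 loop seen in the netsed output.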