Date: Sat, 1 Sep 2007 01:10:55 +1000
From: Norberto Meijome <freebsd@meijome.net>
To: Daniel Hartmeier <daniel@benzedrine.cx>
Cc: FreeBSD Net ML <freebsd-net@freebsd.org>, FreeBSD Questions ML <freebsd-questions@freebsd.org>
Subject: Re: pf rdr + netsed : reinject loop...
Message-ID: <20070901011055.0ea76b88@localhost>
In-Reply-To: <20070831113353.GA30807@insomnia.benzedrine.cx>
References: <20070831202729.7e4c0f7a@localhost> <20070831113353.GA30807@insomnia.benzedrine.cx>
On Fri, 31 Aug 2007 13:33:53 +0200
Daniel Hartmeier <daniel@benzedrine.cx> wrote:
> b) Instead of replacing the destination address in pf with rdr, try
> leaving it as it is, but use route-to (lo0) to get the packet routed to
> the loopback interface. This would require netsed to listen on
> INADDR_ANY (or use a raw socket, I haven't checked its source code).
Hi Daniel,
I tried this but I only managed to lock up the BSD VM a couple of times (not even console access, so it was not just network affected). I am not sure if I've done this correctly.
pass in on $int_if route-to 127.0.0.1 proto tcp from 172.16.82.81 to O.P.Q.R tag ROUTED keep state
Is that OK? (I also tried doing route-to 127.0.0.1 $external_addr, with no visible change.) I have logging enabled specifically on lo0, but I don't see any packets going through.
I am not entirely sure how netsed will pick up these packets. I've had netsed listening on *:{port} and 127.0.0.1:{port} and it obviously didn't make any difference. Could you point me to any reference / sample of what you mean?
thx again,
B
_________________________
{Beto|Norberto|Numard} Meijome
I used to hate weddings; all the Grandmas would poke me and
say, "You're next sonny!" They stopped doing that when I
started to do it to them at funerals.
I speak for myself, not my employer. Contents may be hot. Slippery when wet. Reading disclaimers makes you go blind. Writing them is worse. You have been Warned.
