From owner-freebsd-net@FreeBSD.ORG Sun Sep 2 12:01:33 2007
Date: Sun, 2 Sep 2007 22:01:10 +1000
From: Norberto Meijome <freebsd@meijome.net>
To: FreeBSD Net ML <freebsd-net@freebsd.org>
Message-ID: <20070902220110.5c494bea@localhost>
In-Reply-To: <20070831202729.7e4c0f7a@localhost>
References: <20070831202729.7e4c0f7a@localhost>
X-Mailer: Claws Mail 2.10.0 (GTK+ 2.10.14; i386-portbld-freebsd6.2)
Subject: SOLUTION + Patch to: pf rdr + netsed : reinject loop...
List-Id: Networking and TCP/IP with FreeBSD

On Fri, 31 Aug 2007 20:27:29 +1000 Norberto Meijome wrote:
> Hello everyone, I need your help / insight here :)

Mel (fbsd.questions at rachie.is-a-geek.net) has very kindly and cleverly provided a neat solution for this problem. It was posted to Question@, and it can be found here:
http://lists.freebsd.org/pipermail/freebsd-questions/2007-August/156901.html

Thanks everyone for your help!
B

> > My setup, 2 VMs, XP (WinXP) and BSD (FreeBSD 6.2)
> >
> > [XP ,172.16.82.81 ] --- [172.16.82.81,em1 BSD A.B.C.D,em0] --- The Interweb ---- [Other_servers_galore]
> >
> > A.B.C.D is a public IP.
> >
> > [Other_servers_galore] represents all and any servers XP wants to talk to. I really don't know either port or IP of these servers.
> >
> > BSD is performing as gateway for XP, with NAT on em0 using pf.
> >
> > I want to replace certain bytes (FOO) in TCP packets between XP and [Other_servers_galore] for other bytes (BAR). Vlad Galu pointed out that net/netsed can help with this (with overhead, I know, this is only a test). (Thanks again!)
> >
> > So what I have set up:
> >
> > 1) pf.conf has:
> > ----
> > ext_if="em0"
> > int_if="em1"
> > nat on $ext_if from $internal_net to any -> ($ext_if)
> > rdr on $int_if proto tcp from 172.16.82.81 to any -> 127.0.0.1 port 10101
> > -----
> > 2) I run netsed in transparent proxy mode as:
> >
> > netsed tcp 10101 0 0 s/FOO/BAR
> >
> > ---
> > The traffic from XP gets redirected just fine to netsed, which replaces the bytes just fine. BUT the changed packets (the output of netsed) get reinjected somewhere so that the rdr hits them again, sending them back to netsed ad infinitum. (Yes, I managed to hit a load of 700+ without anything ever leaving BSD... quite cool.)
> >
> > Now, netsed works just fine in that setup if I define the IP, e.g.:
> > pf.conf:
> > ext_if="em0"
> > int_if="em1"
> > nat on $ext_if from $internal_net to any -> ($ext_if)
> > rdr on $int_if proto tcp from 172.16.82.81 to O.P.Q.R -> 127.0.0.1 port 10101
> >
> > netsed:
> > netsed tcp 10101 O.P.Q.R 0 s/FOO/BAR
> >
> > Traffic goes to the external server O.P.Q.R... but this was just a proof of concept, as I really can't tell the remote IPs in advance.
> >
> > How do I modify this setup so that netsed packets aren't caught again by pf's rdr and sent back into netsed? I'm happy to try other tools / setups...
> >
> > Thanks for your time and any help you can provide :)
> B

_________________________
{Beto|Norberto|Numard} Meijome

Commitment is active, not passive. Commitment is doing whatever you can to bring about the desired result. Anything less is half-hearted.

I speak for myself, not my employer. Contents may be hot. Slippery when wet. Reading disclaimers makes you go blind. Writing them is worse. You have been Warned.
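One check worth running on the gateway while reproducing the setup above, added here as an example (it is not from the thread, nor part of pf or netsed): tally the pf states per client that have been redirected to the netsed listener, so a runaway rdr shows up as a pile of states on 127.0.0.1:10101 long before the load reaches 700. The sample lines are constructed to approximate `pfctl -ss` output (check the exact layout against your pf version), and the remote addresses and the threshold of 5 are assumptions.

```python
import re
from collections import Counter

# Constructed sample approximating `pfctl -ss` output on the BSD gateway from
# the post: rdr states print as "proxy (original dst) <- client", nat states as
# "src (translated src) -> dst". Addresses 203.0.113.x / 198.51.100.x are
# documentation ranges standing in for the unknown remote servers.
SAMPLE_STATES = """\
self tcp 127.0.0.1:10101 (203.0.113.10:80) <- 172.16.82.81:1026   ESTABLISHED:ESTABLISHED
self tcp 127.0.0.1:10101 (203.0.113.10:80) <- 172.16.82.81:1027   ESTABLISHED:ESTABLISHED
self tcp 127.0.0.1:10101 (203.0.113.10:80) <- 172.16.82.81:1028   SYN_SENT:CLOSED
self tcp 127.0.0.1:10101 (203.0.113.10:80) <- 172.16.82.81:1029   SYN_SENT:CLOSED
self tcp 127.0.0.1:10101 (203.0.113.10:80) <- 172.16.82.81:1030   SYN_SENT:CLOSED
self tcp 127.0.0.1:10101 (203.0.113.10:80) <- 172.16.82.81:1031   SYN_SENT:CLOSED
self tcp 127.0.0.1:10101 (203.0.113.20:443) <- 172.16.82.90:2001  ESTABLISHED:ESTABLISHED
self tcp 172.16.82.81:1100 (198.51.100.5:61000) -> 203.0.113.30:22 ESTABLISHED:ESTABLISHED
"""

STATE_RE = re.compile(
    r"^(?P<iface>\S+)\s+(?P<proto>\S+)\s+(?P<left>\S+)"
    r"(?:\s+\((?P<orig>[^)]+)\))?\s+(?P<dir><-|->|<->)\s+(?P<right>\S+)"
)

def parse_states(text):
    """Yield one dict per parseable state line; unrecognised lines are skipped."""
    for line in text.splitlines():
        m = STATE_RE.match(line)
        if m:
            yield m.groupdict()

def redirected_clients(text, proxy="127.0.0.1:10101"):
    """Count, per client IP, the rdr states that land on the proxy listener."""
    counts = Counter()
    for st in parse_states(text):
        # Only '<-' states whose translated destination is the proxy count;
        # nat states ('->') and states for other listeners are ignored.
        if st["proto"] == "tcp" and st["dir"] == "<-" and st["left"] == proxy:
            client_ip = st["right"].rsplit(":", 1)[0]
            counts[client_ip] += 1
    return counts

def loop_suspects(text, proxy="127.0.0.1:10101", threshold=5):
    """Client IPs holding at least `threshold` states on the proxy at once:
    a redirect that keeps feeding the proxy back into itself piles these up."""
    counts = redirected_clients(text, proxy)
    return sorted(ip for ip, n in counts.items() if n >= threshold)
```

On a live box, feed `pfctl -ss` output into `loop_suspects` from cron or a watchdog and alert when the list is non-empty.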