Date: Mon, 16 Apr 2007 13:59:19 +0200
From: Max Laier <max@love2party.net>
To: freebsd-net@freebsd.org
Cc: Alex Povolotsky <tarkhil@webmail.sub.ru>
Subject: Re: Please help with PF-based redirector
Message-ID: <200704161359.26059.max@love2party.net>
In-Reply-To: <46226AD3.3030806@webmail.sub.ru>
References: <46226AD3.3030806@webmail.sub.ru>

On Sunday 15 April 2007 20:11, Alex Povolotsky wrote:
> Hello!
>
> I'm trying to set up a box as round-robin TCP proxy. Of course, I'm
> trying to do everything on kernel-level.
>
> This simple setup
>
> rdr on sk0 proto tcp from any to any port = smtp -> <outbound> port 25
> round-robin
>
> should work. At least, I thought so.
>
> However, attempt to connect to port 25 yielded unexpected result. pfctl
> -s state shows
>
> self tcp 89.108.94.212:25 <- 89.108.94.91:25 <-
> 89.108.94.211:56975 CLOSED:SYN_SENT

Your test hosts seem to be on the same subnet. This does not work as you
seem to think. In the same broadcast domain it is not possible for the
pf box to forward the packet on behalf of the sending host (otherwise it
would confuse the recipient or the switch). Instead it emits ICMP
redirects which are ignored in a normal setup.

You have to separate the two networks in order for redirect to work the
way you want it to.

> connection never established, and no IP packet is ever sent out to
> 89.108.94.212:25
>
> I don't understand this thing. Maybe someone can point me to my error?
>
> (firewall rules are quite permissive, in fact, they are pass in quick and
> pass out quick for all interfaces. attempt to telnet to port 25 outside
> works ok)
>
> Alex.

-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
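
The condition described in the reply above can be checked directly from a `pfctl -s state` line. This is an added example, not part of the original message or of pf; the function names, the result labels and the /24 prefix length are assumptions (the thread does not give the netmask).

```python
import ipaddress
import re

# Constructed sample: the state entry quoted in the thread, joined on one line.
SAMPLE = ("self tcp 89.108.94.212:25 <- 89.108.94.91:25 <- "
          "89.108.94.211:56975 CLOSED:SYN_SENT")

# Inbound rdr state: translated dst <- original dst <- client, then state.
STATE_RE = re.compile(
    r"^\S+\s+tcp\s+(?P<backend>[\d.]+):\d+\s+<-\s+"
    r"(?P<redirector>[\d.]+):\d+\s+<-\s+"
    r"(?P<client>[\d.]+):\d+\s+(?P<state>\S+)$")


def parse_rdr_state(line):
    """Return the addresses and state of a redirected TCP entry, or None."""
    m = STATE_RE.match(line.strip())
    if not m:
        return None
    entry = {k: ipaddress.ip_address(m[k])
             for k in ("backend", "redirector", "client")}
    entry["state"] = m["state"]
    return entry


def same_segment(entry, prefixlen):
    """True when client and backend both sit in the redirector's subnet."""
    net = ipaddress.ip_network(f"{entry['redirector']}/{prefixlen}",
                               strict=False)
    return entry["client"] in net and entry["backend"] in net


def diagnose(line, prefixlen=24):
    """Classify one state line; prefixlen is the interface netmask (assumed)."""
    entry = parse_rdr_state(line)
    if entry is None:
        return "not-rdr-state"
    stalled = entry["state"].endswith("SYN_SENT")  # handshake never completed
    if same_segment(entry, prefixlen):
        return "same-subnet-stalled" if stalled else "same-subnet"
    return "routed-stalled" if stalled else "routed"


if __name__ == "__main__":
    print(diagnose(SAMPLE))
```
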