From: Max Laier
Organization: FreeBSD
To: freebsd-net@freebsd.org
Cc: Alex Povolotsky
Date: Mon, 16 Apr 2007 13:59:19 +0200
Subject: Re: Please help with PF-based redirector
Message-Id: <200704161359.26059.max@love2party.net>
In-Reply-To: <46226AD3.3030806@webmail.sub.ru>

On Sunday 15 April 2007 20:11, Alex Povolotsky wrote:
> Hello!
>
> I'm trying to set up a box as round-robin TCP proxy. Of course, I'm
> trying to do everything on kernel-level.
>
> This simple setup
>
> rdr on sk0 proto tcp from any to any port = smtp -> port 25
> round-robin
>
> should work. At least, I thought so.
>
> However, attempt to connect to port 25 yielded unexpected result. pfctl
> -s state shows
>
> self tcp 89.108.94.212:25 <- 89.108.94.91:25 <-
> 89.108.94.211:56975 CLOSED:SYN_SENT

Your test hosts seem to be on the same subnet. This does not work as you
seem to think. In the same broadcast domain it is not possible for the
pf box to forward the packet on behalf of the sending host (otherwise it
would confuse the recipient or the switch). Instead it emits ICMP
redirects which are ignored in a normal setup.

You have to separate the two networks in order for redirect to work the
way you want it to.

> connection never established, and no IP packet ever sends out to
> 89.108.94.212:25
>
> I don't understand this thing. Maybe someone can point me to my error?
>
> (firewall rules are quite permissive, in fact, they are pass in quick and
> pass out quick for all interfaces. attempt to telnet to port 25 outside
> works ok)
>
> Alex.

-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
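
One way to spot this situation in `pfctl -s state` output, as an added example that is not part of the original message: it parses the state-line format quoted above and flags redirected states whose client and redirect target fall in one subnet. The /24 prefix length and the second sample line are assumptions; the thread does not give the netmask.

```python
import ipaddress
import re

# Old-style `pfctl -s state` line for an inbound redirected connection, as
# quoted in the message: <if> <proto> <target> <- <orig dst> <- <client> <state>
STATE_RE = re.compile(
    r"^(?P<ifname>\S+)\s+(?P<proto>\S+)\s+"
    r"(?P<target>[\d.]+):(?P<tport>\d+)\s+<-\s+"
    r"(?P<gateway>[\d.]+):(?P<gport>\d+)\s+<-\s+"
    r"(?P<client>[\d.]+):(?P<cport>\d+)\s+"
    r"(?P<state>[A-Z_0-9]+:[A-Z_0-9]+)$"
)

def parse_state(line):
    """Return a dict of fields for a redirected inbound state, or None."""
    m = STATE_RE.match(" ".join(line.split()))  # tolerate mail-wrapped spacing
    return m.groupdict() if m else None

def same_segment_redirects(lines, prefixlen=24):
    """Yield states where client and redirect target share one subnet.

    prefixlen is an assumption: the message does not give the netmask.
    """
    for line in lines:
        st = parse_state(line)
        if st is None or st["target"] == st["gateway"]:
            continue  # unparsable, or no rdr translation on this state
        net = ipaddress.ip_network(f"{st['gateway']}/{prefixlen}", strict=False)
        client = ipaddress.ip_address(st["client"])
        target = ipaddress.ip_address(st["target"])
        if client in net and target in net:
            yield st

# Constructed sample: the first line is the state from the message, the
# second is an invented state with an off-subnet client for contrast.
SAMPLE = [
    "self tcp 89.108.94.212:25 <- 89.108.94.91:25 <- 89.108.94.211:56975 CLOSED:SYN_SENT",
    "self tcp 89.108.94.212:25 <- 89.108.94.91:25 <- 192.0.2.10:40112 ESTABLISHED:ESTABLISHED",
]

if __name__ == "__main__":
    for st in same_segment_redirects(SAMPLE):
        print(f"{st['client']} -> {st['gateway']} rdr {st['target']}: "
              f"same /24, state {st['state']}")
```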