Date: Mon, 16 Apr 2007 16:04:25 +0400
From: Alex Povolotsky <tarkhil@webmail.sub.ru>
To: Max Laier <max@love2party.net>
Cc: freebsd-net@freebsd.org
Subject: Re: Please help with PF-based redirector
Message-ID: <46236649.7000406@webmail.sub.ru>
In-Reply-To: <200704161359.26059.max@love2party.net>
References: <46226AD3.3030806@webmail.sub.ru> <200704161359.26059.max@love2party.net>

Max Laier wrote:
> On Sunday 15 April 2007 20:11, Alex Povolotsky wrote:
>
>> Hello!
>>
>> I'm trying to set up a box as round-robin TCP proxy. Of course, I'm
>> trying to do everything on kernel-level.
>>
>> This simple setup
>>
>> rdr on sk0 proto tcp from any to any port = smtp -> <outbound> port 25
>> round-robin
>>
>> should work. At least, I thought so.
>>
>> However, attempt to connect to port 25 yielded unexpected result. pfctl
>> -s state shows
>>
>> self tcp 89.108.94.212:25 <- 89.108.94.91:25 <-
>> 89.108.94.211:56975 CLOSED:SYN_SENT
>>
>
> Your test hosts seem to be on the same subnet. This does not work as you
> seem to think. In the same broadcast domain it is not possible for the
> pf box to forward the packet on behalf of the sending host (otherwise it
> would confuse the recipient or the switch). Instead it emits icmp
> redirects which are ignored in a normal setup.
>
> You have to separate the two networks in order for redirect to work the
> way you want it to.
>

Okay, thanks a lot, I'll give it a try

Alex.