pf rdr + netsed : reinject loop...

Norberto Meijome freebsd at meijome.net
Fri Aug 31 08:11:22 PDT 2007


On Fri, 31 Aug 2007 13:33:53 +0200
Daniel Hartmeier <daniel at benzedrine.cx> wrote:

> b) Instead of replacing the destination address in pf with rdr, try
> leaving it as it is, but use route-to (lo0) to get the packet routed to
> the loopback interface. This would require netsed to listen on
> INADDR_ANY (or use a raw socket, I haven't checked its source code).

Hi Daniel,
I tried this but I only managed to lock up the BSD VM a couple of times (not even console access, so it was not just the network that was affected). I am not sure if I've done this correctly...

pass in on $int_if route-to 127.0.0.1 proto tcp from 172.16.82.81 to O.P.Q.R tag ROUTED keep state 

is that ok? (I also tried route-to 127.0.0.1 $external_addr with no visible change.) I have logging enabled specifically on lo0, but I don't see any packets going through.

I am not entirely sure how netsed will pick up these packets. I've had netsed listening on *:{port} and 127.0.0.1:{port} and it obviously didn't make any difference. Could you point me to any reference or sample of what you mean?

thx again,
B

_________________________
{Beto|Norberto|Numard} Meijome

I used to hate weddings; all the Grandmas would poke me and
say, "You're next sonny!" They stopped doing that when I
started to do it to them at funerals.

I speak for myself, not my employer. Contents may be hot. Slippery when wet. Reading disclaimers makes you go blind. Writing them is worse. You have been Warned.
