pf rdr + netsed : reinject loop...

Mel fbsd.questions at rachie.is-a-geek.net
Fri Aug 31 10:13:01 PDT 2007


On Friday 31 August 2007 18:27:26 Norberto Meijome wrote:
> On Fri, 31 Aug 2007 17:40:06 +0200
>
> Mel <fbsd.questions at rachie.is-a-geek.net> wrote:
> > > netsed's output is (part ) :
> > > ---
> > > Script started on Fri Aug 31 07:52:12 2007
> > > [root at localhost /usr/home/luser]# netsed tcp 10101 0 0  s/FOO/BAR
> > > netsed 0.01b by Michal Zalewski <lcamtuf at ids.pl>
> > > [*] Parsing rule s/FOO/BAR ...
> > > [+] Loaded 1 rules...
> > > [+] Listening on port 10101/tcp.
> > > [+] Using dynamic (transparent proxy) forwarding.
> > >
> > > [+] Got incoming connection from 172.16.82.81:1178 to 127.0.0.1:10101
> > > [*] Forwarding connection to 127.0.0.1:10101
> > > [+] Got incoming connection from 127.0.0.1:51337 to 127.0.0.1:10101
> > > [*] Forwarding connection to 127.0.0.1:10101
> > > [+] Caught client -> server packet.
> >
> > I think you need to figure out what this 'transparent proxy mode' of
> > netsed does, cause it should under no circumstances forward to itself...
>
> it simply forwards the packet to the dst_ip:dst_port it originally had.
> But, as Daniel H pointed out, those packets had been rewritten by pf's rdr
> to go TO netsed's ip:port .... hence netsed won't change anything.  It works
> fine in non-proxy mode, but as I said in my first msg, that is not an
> option for me.

OK, I just tried to verify if rdr rewrites dest and indeed it does from 
netsed's point of view (didn't know my machine could go to 100 load and still 
catch SIGINT).

Now I wonder how ftp-proxy(8) ever gets the server address. Time to view the 
source.
-- 
Mel
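Added example (not code from this thread, from netsed or from ftp-proxy; written here to illustrate the point): ftp-proxy(8) recovers the pre-rdr server address by asking pf itself, through the DIOCNATLOOK ioctl on /dev/pf, for the translation that matches the accepted connection's client and proxy endpoints. The snippet below does that lookup for an IPv4 TCP connection and then applies the check a transparent proxy needs before forwarding: if the looked-up destination is the proxy's own listener, it refuses, which is exactly the 127.0.0.1:10101 -> 127.0.0.1:10101 self-forward in the netsed output above. It assumes a FreeBSD or OpenBSD host with pf enabled and /dev/pf readable; on other systems the pf lookup is compiled out and reports ENOSYS. Function names (pf_original_dst, would_reinject, mk_addr) and the 192.0.2.10 client address are constructed for the example.

```c
/* Added example: original-destination lookup via pf's DIOCNATLOOK, plus a
 * guard against forwarding back into the proxy's own listener. Not part of
 * the mailing-list thread, netsed or ftp-proxy; assumes pf on FreeBSD/OpenBSD. */
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/ioctl.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#if defined(__FreeBSD__) || defined(__OpenBSD__)
#include <net/if.h>
#include <net/pfvar.h>
#define HAVE_PF 1
#else
#define HAVE_PF 0   /* no pf here: the lookup below reports ENOSYS */
#endif

/* Build an IPv4 sockaddr from dotted-quad text and a host-order port.
 * Returns 0 on success, -1 if the address text is not valid. */
int mk_addr(const char *ip, unsigned short port, struct sockaddr_in *sa)
{
    memset(sa, 0, sizeof *sa);
    sa->sin_family = AF_INET;
    sa->sin_port = htons(port);
    return inet_pton(AF_INET, ip, &sa->sin_addr) == 1 ? 0 : -1;
}

/* Ask pf which destination the connection client->proxy had before rdr
 * rewrote it. 'client' is getpeername() and 'proxy' is getsockname() of
 * the accepted socket. Fills 'orig' and returns 0, or returns -1 with
 * errno set (ENOSYS when pf is not available on this system). */
int pf_original_dst(const struct sockaddr_in *client,
                    const struct sockaddr_in *proxy,
                    struct sockaddr_in *orig)
{
#if HAVE_PF
    struct pfioc_natlook nl;
    int fd, rc;

    fd = open("/dev/pf", O_RDONLY);
    if (fd == -1)
        return -1;
    memset(&nl, 0, sizeof nl);
    nl.af = AF_INET;
    nl.proto = IPPROTO_TCP;
    nl.direction = PF_OUT;          /* same direction ftp-proxy uses for rdr */
    nl.saddr.v4.s_addr = client->sin_addr.s_addr;
    nl.daddr.v4.s_addr = proxy->sin_addr.s_addr;
    nl.sport = client->sin_port;     /* already network byte order */
    nl.dport = proxy->sin_port;
    rc = ioctl(fd, DIOCNATLOOK, &nl);
    close(fd);
    if (rc == -1)
        return -1;                   /* no matching state: not an rdr'd flow */
    memset(orig, 0, sizeof *orig);
    orig->sin_family = AF_INET;
    orig->sin_addr.s_addr = nl.rdaddr.v4.s_addr;  /* pre-rewrite destination */
    orig->sin_port = nl.rdport;
    return 0;
#else
    (void)client; (void)proxy; (void)orig;
    errno = ENOSYS;
    return -1;
#endif
}

/* Returns 1 when forwarding to 'target' would land on the proxy's own
 * listener 'self' (same port, and same address or a wildcard bind), i.e.
 * the reinject loop seen in the netsed log; 0 otherwise. */
int would_reinject(const struct sockaddr_in *target, const struct sockaddr_in *self)
{
    if (target->sin_family != AF_INET || self->sin_family != AF_INET)
        return 0;
    if (target->sin_port != self->sin_port)
        return 0;
    return self->sin_addr.s_addr == htonl(INADDR_ANY) ||
           target->sin_addr.s_addr == self->sin_addr.s_addr;
}

int main(void)
{
    /* Constructed endpoints mirroring the log: proxy on 127.0.0.1:10101. */
    struct sockaddr_in client, proxy, orig;
    mk_addr("192.0.2.10", 1178, &client);
    mk_addr("127.0.0.1", 10101, &proxy);
    if (pf_original_dst(&client, &proxy, &orig) == -1) {
        perror("DIOCNATLOOK");       /* ENOSYS where pf is absent */
        return 1;
    }
    if (would_reinject(&orig, &proxy)) {
        fprintf(stderr, "refusing to forward: destination is our own listener\n");
        return 1;
    }
    printf("original destination %s:%u\n", inet_ntoa(orig.sin_addr), ntohs(orig.sin_port));
    return 0;
}
```

The lookup only succeeds for a flow that pf actually translated, so a proxy built this way never has to trust the rewritten destination it sees on its own socket; and the would_reinject guard turns the runaway loop (and the 100 load mentioned above) into a single refused connection.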

