need help using ng_patch to modify src/dst packets or alternative way
Sami Halabi
sodynet1 at gmail.com
Sun Dec 17 07:52:17 UTC 2017
hi,
Can you help in my situation? My goal is so Box in my lan 10.1.1.2 to talk
to 10.1.1.1 and actually it would be talking to X.X.X.X outside ip using
one of my public IPs say 1.1.1.1.
I'm trying to modify packets to passthrough to a local IP.
I have a box that a specific IP is routed to it.. say 1.1.1.1
in my bce0 i don't have that ip configured but i have my public IP that say
2.2.2.2 that 1.1.1.1 is routed to it.
i configured 10.1.1.1/24 in bce0, my target box is 10.1.1.2/24.
i tried the following inside ngctl:
mkpeer ipfw: patch 300 in
name ipfw:300 src_dst_chg
msg src_dst_chg: setconfig { count=2 csum_flags=1 ops=[ { mode=1
value=0x0a010101 length=4 offset=3 } { mode=1 value=0x0a010102 length=4
offset=4 } ] }
in my box(10.1.1.1) i did:
sysctl net.inet.ip.fw.one_pass=0
/sbin/ipfw add 50 netgraph 300 ip from any to any to 1.1.1.1
then i do simple ping from outside box
i see the packets arrive on my 160 rule
but never leaves the box..
I would at least see packeta flow one direction to 10.1.1.2 and then that
need another ipfw and netgraph opposite rule.
If you have alternative way I'm happy to try...
Help much appreciated...
Sami
More information about the freebsd-current
mailing list