pf rdr + netsed : reinject loop...
Norberto Meijome
freebsd at meijome.net
Fri Aug 31 03:28:11 PDT 2007
Hello everyone, I need your help / insight here :)
My setup, 2 VMs, XP (WinXP) and BSD (FreeBSD 6.2)
[XP ,172.16.82.81 ] --- [172.16.82.81,em1 BSD A.B.C.D,em0] --- The Interweb ---- [Other_servers_galore]
A.B.C.D is a public IP.
[Other_servers_galore] represents all and any servers XP wants to talk to . I really don't know either port or IP of these servers.
BSD is performing as gateway for XP , with NAT on em0 using pf.
I want to replace certain bytes (FOO) in TCP packets between XP and [Other_servers_galore] for other bytes (BAR). Vlad Galu pointed out that net/netsed can help with this (with overhead, i know, this is only a test ). (Thanks again! )
so what I have setup :
1) pf.conf has :
----
ext_if="em0"
int_if="em1"
nat on $ext_if from $internal_net to any -> ($ext_if)
rdr on $int_if proto tcp from 172.16.82.81 to any -> 127.0.0.1 port 10101
-----
2) I run netsed in transparent proxy mode as :
netsed tcp 10101 0 0 s/FOO/BAR
---
The traffic from XP gets redirected just fine to netsed, which replaces the bytes just fine. BUT the changed packets (the output of netsed) get reinjected somewhere so that the rdr hits them again, sending them back to netsed ad infinitum. ( yes, i managed to hit a load of 700+ without anything ever leaving BSD ...quite cool)
Now, netsed works just fine in that setup if I define the IP, eg :
pf.conf :
ext_if="em0"
int_if="em1"
nat on $ext_if from $internal_net to any -> ($ext_if)
rdr on $int_if proto tcp from 172.16.82.81 to O.P.Q.R -> 127.0.0.1 port 10101
netsed :
netsed tcp 10101 O.P.Q.R 0 s/FOO/BAR
traffic goes to the external server O.P.Q.R ... but this was just a proof of concept, as I really can't tell the remote IPs in advance
How do I modify this setup so that netsed packets aren't caught again by pf's rdr and sent back into netsed ? I'm happy to try other tools / setups...
thanks for your time and any help you can provide :)
B
_________________________
{Beto|Norberto|Numard} Meijome
"Great spirits have often encountered violent opposition from mediocre minds."
Albert Einstein
I speak for myself, not my employer. Contents may be hot. Slippery when wet. Reading disclaimers makes you go blind. Writing them is worse. You have been Warned.
More information about the freebsd-questions
mailing list