pf rdr + netsed : reinject loop...

Mel fbsd.questions at rachie.is-a-geek.net
Fri Aug 31 04:29:34 PDT 2007


On Friday 31 August 2007 12:27:29 Norberto Meijome wrote:

> 1) pf.conf has :
> ----
> ext_if="em0"
> int_if="em1"
> nat on $ext_if from $internal_net to any -> ($ext_if)
> rdr on $int_if proto tcp from 172.16.82.81 to any -> 127.0.0.1 port 10101
> -----
> 2) I run netsed in transparent proxy mode as :
>
> netsed tcp 10101 0 0 s/FOO/BAR
>
> ---
> The traffic from XP gets redirected just fine to netsed, which replaces the
> bytes just fine. BUT the changed packets (the output of netsed) get
> reinjected somewhere so that the rdr hits them again, sending them back to
> netsed ad infinitum. ( yes, i managed to hit a load of 700+ without
> anything ever leaving BSD ...quite cool)

I think you're looking for tagging, for example:
rdr on $int_if proto tcp from 172.16.82.81 to any tag NETSED -> 127.0.0.1 port 10101

Then you need to figure out how they come back and pass them through, for 
example:
pass in on $int_if proto tcp tagged NETSED keep state

See pf.conf(5) for more info. The examples section has one for spamd 
redirection.
-- 
Mel
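One way to assemble the pieces from this thread into a complete pf.conf, as an added illustration rather than anything posted in the thread. The interface macros, the 172.16.82.81 client and the netsed port are from the quoted post; the value of internal_net and the two non-tagged pass rules are assumptions.

```pf
# Added example, not from the thread: tagged rdr to a local netsed listener.
ext_if="em0"
int_if="em1"
internal_net="172.16.82.0/24"   # assumed value; the original post does not show it
netsed_client="172.16.82.81"    # the XP host whose traffic is rewritten
netsed_port="10101"             # netsed tcp 10101 0 0 s/FOO/BAR

nat on $ext_if from $internal_net to any -> ($ext_if)

# Redirect only the chosen client's TCP traffic to netsed on the loopback and
# tag it, so later rules can tell redirected packets apart from everything else.
rdr on $int_if proto tcp from $netsed_client to any tag NETSED -> 127.0.0.1 port $netsed_port

# Let the tagged (redirected) packets in and keep state for the session.
pass in on $int_if proto tcp tagged NETSED keep state

# Ordinary LAN traffic and outbound traffic follow normal policy (assumed defaults).
pass in on $int_if from $internal_net to any keep state
pass out on $ext_if keep state
```

Check the ruleset with `pfctl -nf /etc/pf.conf` before loading it; `pfctl -sr` and `pfctl -sn` show the loaded filter and rdr rules.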

