On Fri, 31 Aug 2007 20:27:29 +1000 Norberto Meijome <[EMAIL PROTECTED]> wrote:
> Hello everyone, I need your help / insight here :)
>
> Mel (fbsd.questions at rachie.is-a-geek.net) has very kindly and cleverly
> provided a neat solution for this problem. It was posted to Question@, and it
> can be found here:
> http://lists.freebsd.org/pipermail/freebsd-questions/2007-August/156901.html
>
> thanks everyone for your help!
> B
>
> > My setup, 2 VMs, XP (WinXP) and BSD (FreeBSD 6.2)
> >
> > [XP ,172.16.82.81 ] --- [172.16.82.81,em1 BSD A.B.C.D,em0] --- The Interweb
> > ---- [Other_servers_galore]
> >
> > A.B.C.D is a public IP.
> >
> > [Other_servers_galore] represents all and any servers XP wants to talk to. I
> > really don't know either port or IP of these servers.
> >
> > BSD is performing as gateway for XP, with NAT on em0 using pf.
> >
> > I want to replace certain bytes (FOO) in TCP packets between XP and
> > [Other_servers_galore] for other bytes (BAR). Vlad Galu pointed out that
> > net/netsed can help with this (with overhead, I know, this is only a test).
> > (Thanks again!)
> >
> > so what I have setup :
> >
> > 1) pf.conf has :
> > ----
> > ext_if="em0"
> > int_if="em1"
> > nat on $ext_if from $internal_net to any -> ($ext_if)
> > rdr on $int_if proto tcp from 172.16.82.81 to any -> 127.0.0.1 port 10101
> > -----
> > 2) I run netsed in transparent proxy mode as :
> >
> > netsed tcp 10101 0 0 s/FOO/BAR
> >
> > ---
> > The traffic from XP gets redirected just fine to netsed, which replaces the
> > bytes just fine. BUT the changed packets (the output of netsed) get
> > reinjected somewhere so that the rdr hits them again, sending them back to
> > netsed ad infinitum. (yes, I managed to hit a load of 700+ without anything
> > ever leaving BSD ...quite cool)
> >
> > Now, netsed works just fine in that setup if I define the IP, eg:
> > pf.conf :
> > ext_if="em0"
> > int_if="em1"
> > nat on $ext_if from $internal_net to any -> ($ext_if)
> > rdr on $int_if proto tcp from 172.16.82.81 to O.P.Q.R -> 127.0.0.1 port 10101
> >
> > netsed :
> > netsed tcp 10101 O.P.Q.R 0 s/FOO/BAR
> >
> > traffic goes to the external server O.P.Q.R ... but this was just a proof of
> > concept, as I really can't tell the remote IPs in advance
> >
> > How do I modify this setup so that netsed packets aren't caught again by pf's
> > rdr and sent back into netsed? I'm happy to try other tools / setups...
> >
> > thanks for your time and any help you can provide :)
> > B

_________________________
{Beto|Norberto|Numard} Meijome
Commitment is active, not passive. Commitment is doing whatever you can to bring about the desired result. Anything less is half-hearted.
I speak for myself, not my employer. Contents may be hot. Slippery when wet. Reading disclaimers makes you go blind. Writing them is worse. You have been Warned.