On Wed, Jul 11, 2012 at 12:32:09PM +0200, Otto Moerbeek wrote:

> On Wed, Jul 11, 2012 at 11:52:41AM +0200, Peter J. Philipp wrote:
> 
> > On Tue, Jul 10, 2012 at 09:34:04PM +0200, Peter J. Philipp wrote:
> > 
> > > # pfctl -srules
> > > pass all flags S/SA
> > > block drop in on ! lo0 proto tcp from any to any port 6000:6010
> > > block drop in on re0 inet from <fuckoff> to any
> > > pass in on re0 inet proto udp from any to any port = 53 scrub (reassemble tcp) divert-packet port 9999
> > 
> > I have taken the code from divert(4) manpage and applied it to the above
> > divert-packet rule.  Here is what I see:
> > 
> > # ./testd               
> > 192.168.4.1:41863 -> 192.168.4.2:53
> > 192.168.4.2:53 -> 192.168.4.1:41863
> > 
> > But the packets never make it out to host 192.168.4.1 at all, they get dropped
> > somewhere.  netstat -s says there is no error on the divert: section.
> > 
> > > Any small hint would be appreciated,
> > 
> > -peter
> 
> Obvious thing to check: return value from sendto(2).
> 
>       -Otto

Also, first make sure that without diverting, packets make it through.
You could be looking at a simple routing problem, for example. 
A couple of times, I managed to forget net.inet.ip.forwarding=1 while
testing routing stuff.

        -Otto
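
The sendto(2) check suggested above, applied to a divert(4) receive/reinject loop. This is an added example, not code from the thread or from the manpage: `reinject` is a hypothetical helper name, port 9999 is taken from the divert-packet rule quoted above, and the divert loop is only compiled where the system headers define `IPPROTO_DIVERT`.

```c
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define DIVERT_PORT 9999 /* port from the divert-packet rule in the thread */

/* Reinject one packet; 0 on success, -1 with errno preserved on failure. */
int reinject(int fd, const void *pkt, size_t len,
             const struct sockaddr *sa, socklen_t salen)
{
    ssize_t n = sendto(fd, pkt, len, 0, sa, salen);
    if (n == -1) {
        int saved = errno;            /* fprintf may clobber errno */
        fprintf(stderr, "sendto: %s\n", strerror(saved));
        errno = saved;
        return -1;
    }
    return 0;
}

int main(void)
{
#ifdef IPPROTO_DIVERT
    static unsigned char pkt[65535];
    struct sockaddr_in sin, from;
    int fd = socket(AF_INET, SOCK_RAW, IPPROTO_DIVERT);

    memset(&sin, 0, sizeof(sin));
    sin.sin_family = AF_INET;
    sin.sin_port = htons(DIVERT_PORT);
    if (fd == -1 || bind(fd, (struct sockaddr *)&sin, sizeof(sin)) == -1) {
        perror("divert socket");
        return 1;
    }
    for (;;) {
        socklen_t flen = sizeof(from);
        ssize_t n = recvfrom(fd, pkt, sizeof(pkt), 0,
                             (struct sockaddr *)&from, &flen);
        if (n == -1) { perror("recvfrom"); return 1; }
        /* On failure the packet was never reinjected; errno says why. */
        (void)reinject(fd, pkt, (size_t)n, (struct sockaddr *)&from, flen);
    }
#else
    fputs("IPPROTO_DIVERT is not defined on this system\n", stderr);
    return 1;
#endif
}
```

If `reinject` reports nothing and the reply still does not reach the peer, the loss is after the divert socket, which is where the forwarding and routing checks come in.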
