Please help with PF-based redirector

Max Laier max at love2party.net
Mon Apr 16 11:59:46 UTC 2007


On Sunday 15 April 2007 20:11, Alex Povolotsky wrote:
> Hello!
>
> I'm trying to set up a box as round-robin TCP proxy. Of course, I'm
> trying to do everything on kernel-level.
>
> This simple setup
>
> rdr on sk0 proto tcp from any to any port = smtp -> <outbound> port 25 round-robin
>
> should work. At least, I thought so.
>
> However, an attempt to connect to port 25 yielded an unexpected result. pfctl
> -s state shows
>
> self tcp 89.108.94.212:25 <- 89.108.94.91:25 <- 89.108.94.211:56975       CLOSED:SYN_SENT

Your test hosts seem to be on the same subnet.  This does not work as you
seem to think.  In the same broadcast domain it is not possible for the
pf box to forward the packet on behalf of the sending host (otherwise it
would confuse the recipient or the switch).  Instead it emits ICMP
redirects which are ignored in a normal setup.

You have to separate the two networks in order for redirect to work the 
way you want it to.

> The connection is never established, and no IP packet is ever sent out to
> 89.108.94.212:25
>
> I don't understand this thing. Maybe someone can point me to my error?
>
> (firewall rules are quite permissive, in fact, they are pass in quick and
> pass out quick for all interfaces. An attempt to telnet to port 25 outside
> works ok)
>
> Alex.

-- 
/"\  Best regards,                      | mlaier at freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier at EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
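
An added example, not part of either message: a Python check that reads `pfctl -s state` lines of the shape quoted above and flags rdr states whose client and redirect target fall in the same subnet, which is the situation the reply describes. The /24 prefix length and the second and third sample lines are assumptions constructed for illustration; the thread does not state the netmask.

```python
import ipaddress
import re

# Inbound rdr state as printed in the thread:
#   iface proto target:port <- original_dst:port <- client:port  STATE
STATE_RE = re.compile(
    r"^(?P<iface>\S+) (?P<proto>\S+) "
    r"(?P<target>[\d.]+):(?P<tport>\d+) <- "
    r"(?P<orig>[\d.]+):(?P<oport>\d+) <- "
    r"(?P<client>[\d.]+):(?P<cport>\d+) (?P<state>\S+)$"
)


def parse_rdr_state(line):
    """Return the fields of a redirected state line, or None for other lines."""
    m = STATE_RE.match(" ".join(line.split()))  # collapse column padding
    return m.groupdict() if m else None


def same_segment_redirects(lines, prefixlen):
    """List (client, target, subnet, state) where the client and the
    redirect target share a subnet of the given prefix length."""
    findings = []
    for line in lines:
        st = parse_rdr_state(line)
        if st is None:
            continue  # not a redirected state
        net = ipaddress.ip_network(f"{st['client']}/{prefixlen}", strict=False)
        if ipaddress.ip_address(st["target"]) in net:
            findings.append((st["client"], st["target"], str(net), st["state"]))
    return findings


SAMPLE = [
    # State line quoted in the thread.
    "self tcp 89.108.94.212:25 <- 89.108.94.91:25 <- 89.108.94.211:56975       CLOSED:SYN_SENT",
    # Constructed: the same redirect reached from a client on another network.
    "self tcp 89.108.94.212:25 <- 89.108.94.91:25 <- 192.0.2.10:40112       ESTABLISHED:ESTABLISHED",
    # Constructed: a plain, non-redirected state, which the parser skips.
    "self tcp 89.108.94.91:22 <- 192.0.2.10:40200       ESTABLISHED:ESTABLISHED",
]

if __name__ == "__main__":
    # Assumption: /24 on the test segment.
    for client, target, net, state in same_segment_redirects(SAMPLE, 24):
        print(f"{client} -> {target} both in {net} ({state}): "
              "redirect target is on the client's own segment")
```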