Please help with PF-based redirector

Alex Povolotsky tarkhil at webmail.sub.ru
Mon Apr 16 12:04:36 UTC 2007


Max Laier wrote:
> On Sunday 15 April 2007 20:11, Alex Povolotsky wrote:
>   
>> Hello!
>>
>> I'm trying to set up a box as round-robin TCP proxy. Of course, I'm
>> trying to do everything on kernel-level.
>>
>> This simple setup
>>
>> rdr on sk0 proto tcp from any to any port = smtp -> <outbound> port 25
>> round-robin
>>
>> should work. At least, I thought so.
>>
>> However, attempt to connect to port 25 yielded unexpected result. pfctl
>> -s state shows
>>
>> self tcp 89.108.94.212:25 <- 89.108.94.91:25 <-
>> 89.108.94.211:56975       CLOSED:SYN_SENT
>>     
>
> Your test hosts seem to be on the same subnet.  This does not work as you 
> seem to think.  In the same broadcast domain it is not possible for the 
> pf box to forward the packet on behalf of the sending host (otherwise it 
> would confuse the recipient or the switch).  Instead it emits icmp 
> redirects which are ignored in a normal setup.
>
> You have to separate the two networks in order for redirect to work the 
> way you want it to.
>   

Okay, thanks a lot, I'll give it a try.

Alex.
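As an added example (not part of the thread, nor anyone's posted configuration), here is a pf.conf layout in which the `rdr ... round-robin` rule from the original message can work: the clients and the SMTP backends are placed on separate IP networks with the pf box routing between them, so the translated packet is forwarded out the internal interface instead of triggering the ICMP redirect Max describes. `sk0` comes from the thread; the internal interface name `em0` and the 192.0.2.0/24 backend addresses are assumptions chosen for illustration (RFC 5737 documentation space), and the SMTP backends themselves are assumed to exist.

```pf
# Added example, not from the thread. Assumptions: the pf box has two
# interfaces, sk0 (from the thread) facing the clients and em0 (assumed
# name) facing the SMTP backends, and the two sides are distinct IP
# networks. Backend addresses are constructed (RFC 5737 documentation range).
ext_if = "sk0"          # clients reach the proxy on this side
int_if = "em0"          # backends live behind this interface

# Backends on the internal segment; round-robin rotates over the members.
table <outbound> { 192.0.2.10, 192.0.2.11, 192.0.2.12 }

# Translate inbound SMTP addressed to the proxy's own external address to a
# backend. Restricting the destination to ($ext_if) rather than "any" keeps
# the rule from rewriting SMTP traffic that merely transits the box.
# Because the backends sit on a different network than the clients, pf
# routes the translated packet out $int_if instead of redirecting.
rdr on $ext_if proto tcp from any to ($ext_if) port smtp -> <outbound> port 25 round-robin

# Filter rules see the packet after translation, so they match the backend
# address. Allow the connection in on the client side and out to the backends.
pass in on $ext_if proto tcp from any to <outbound> port 25 keep state
pass out on $int_if proto tcp from any to <outbound> port 25 keep state
```

The box must forward between the two interfaces (`sysctl net.inet.ip.forwarding=1`) before the redirected connections can reach the backends. After loading the rules with `pfctl -f /etc/pf.conf`, `pfctl -s nat` shows the rdr rule and `pfctl -s state` should list entries whose translated destination is one of the `<outbound>` members; a state whose two endpoints are on the same subnet as the proxy, like the `CLOSED:SYN_SENT` entry in the original message, is the symptom of the same-broadcast-domain layout rather than of a bad rule. Appending `sticky-address` to `round-robin` keeps a given client pinned to the same backend across connections, which matters for protocols that expect session affinity.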