From: J Green
To: freebsd-pf@freebsd.org
Date: Thu, 12 May 2016 11:09:57 -0700
Subject: Re: Can pf simultaneously redirect to multiple, internal hosts?

Hello all:

Can pf simultaneously redirect to multiple, internal hosts?

Source -> UDP traffic -> pf (redirection) -> Host1
                                          -> Host2
                                          -> Host3

I believe what I am looking for is called redirection. However it appears
to be implemented such that pf will only forward traffic to one internal
host at a time. I am looking for a solution where UDP traffic will be
forwarded to multiple internal hosts, at the same time.

Is this possible?

Thank you.

From: "Chris H"
Date: Thu, 12 May 2016 12:31:36 -0700
Subject: Re: Can pf simultaneously redirect to multiple, internal hosts?

On Thu, 12 May 2016 11:09:57 -0700 J Green wrote

> Hello all:
>
> Can pf simultaneously redirect to multiple, internal hosts?
>
> Source -> UDP traffic -> pf (redirection) -> Host1
>                                           -> Host2
>                                           -> Host3
>
> I believe what I am looking for is called redirection. However it appears
> to be implemented such that pf will only forward traffic to one internal
> host at a time. I am looking for a solution where UDP traffic will be
> forwarded to multiple internal hosts, at the same time.
>
> Is this possible?

While I have no actual, specific solution, I'm wondering if divert(4)
might be of any aid. Just throwing it out there, in case it might be
of any value. :)

--Chris

> Thank you.

From: J Green
To: Chris H
Cc: freebsd-pf@freebsd.org
Date: Thu, 12 May 2016 16:29:53 -0700
Subject: Re: Can pf simultaneously redirect to multiple, internal hosts?

Interesting. Looking into it. Thank you.

On Thu, May 12, 2016 at 12:31 PM, Chris H wrote:

> On Thu, 12 May 2016 11:09:57 -0700 J Green wrote
>
> > Hello all:
> >
> > Can pf simultaneously redirect to multiple, internal hosts?
> >
> > Source -> UDP traffic -> pf (redirection) -> Host1
> >                                           -> Host2
> >                                           -> Host3
> >
> > I believe what I am looking for is called redirection. However it appears
> > to be implemented such that pf will only forward traffic to one internal
> > host at a time. I am looking for a solution where UDP traffic will be
> > forwarded to multiple internal hosts, at the same time.
> >
> > Is this possible?
>
> While I have no actual, specific solution, I'm wondering if divert(4)
> might be of any aid. Just throwing it out there, in case it might be
> of any value. :)
>
> --Chris
>
> > Thank you.

From: Peter Jeremy
To: J Green
Cc: freebsd-pf@freebsd.org
Date: Fri, 13 May 2016 12:47:34 +1000
Subject: Re: Can pf simultaneously redirect to multiple, internal hosts?

On 2016-May-12 11:09:57 -0700, J Green wrote:

>Can pf simultaneously redirect to multiple, internal hosts?
>
>Source -> UDP traffic -> pf (redirection) -> Host1
>                                          -> Host2
>                                          -> Host3

I think the answer is "no" but your question is slightly ambiguous. I
believe there are 3 possible scenarios:

1) Traffic arrives addressed to a single UDP port at a single address and
   you want to replicate each incoming packet to multiple hosts: I think
   this is what you are trying to do and this isn't possible with pf. You
   could have a look at ng_tee(3) and if that doesn't do what you want, you
   will need to write a tool to do the replication - the easiest way is
   probably a proxy that recvfrom(2)'s the packets and then transmits
   multiple copies to the destination hosts. If you want to retain the
   original src address, you will need to use raw sockets, divert(4) or
   tap(4) to allow you to "forge" the src address on the outgoing packets.

2) Traffic arrives addressed to multiple UDP ports at a single address and
   you want the traffic redirected to different hosts depending on the port.
   The pf 'rdr' command does this.

3) Traffic arrives addressed to several addresses and you want the traffic
   redirected to different hosts depending on the address. The pf 'binat'
   command does this.

-- 
Peter Jeremy

From: J Green
To: Peter Jeremy
Cc: freebsd-pf@freebsd.org
Date: Fri, 13 May 2016 11:20:07 -0700
Subject: Re: Can pf simultaneously redirect to multiple, internal hosts?

Sorry for not being more concise. Yes, I am looking at scenario number 1.

Reading up on ng_tee, looks interesting. Thank you for the recommendation.

On Thu, May 12, 2016 at 7:47 PM, Peter Jeremy wrote:

> On 2016-May-12 11:09:57 -0700, J Green wrote:
> >Can pf simultaneously redirect to multiple, internal hosts?
> >
> >Source -> UDP traffic -> pf (redirection) -> Host1
> >                                          -> Host2
> >                                          -> Host3
>
> I think the answer is "no" but your question is slightly ambiguous. I
> believe there are 3 possible scenarios:
>
> 1) Traffic arrives addressed to a single UDP port at a single address and
>    you want to replicate each incoming packet to multiple hosts: I think
>    this is what you are trying to do and this isn't possible with pf. You
>    could have a look at ng_tee(3) and if that doesn't do what you want, you
>    will need to write a tool to do the replication - the easiest way is
>    probably a proxy that recvfrom(2)'s the packets and then transmits
>    multiple copies to the destination hosts. If you want to retain the
>    original src address, you will need to use raw sockets, divert(4) or
>    tap(4) to allow you to "forge" the src address on the outgoing packets.
>
> 2) Traffic arrives addressed to multiple UDP ports at a single address and
>    you want the traffic redirected to different hosts depending on the port.
>    The pf 'rdr' command does this.
>
> 3) Traffic arrives addressed to several addresses and you want the traffic
>    redirected to different hosts depending on the address. The pf 'binat'
>    command does this.
>
> --
> Peter Jeremy
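
The recvfrom(2) proxy that Peter Jeremy describes for scenario 1, sketched as an added example that is not code from the thread or from any poster. The function names udp_bind and relay_once, the 192.0.2.x destination addresses and port 5514 are assumptions made for illustration.

```c
/* Added example (not from the thread): UDP fan-out relay for scenario 1. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Bind a UDP socket to ip:port (port 0 = kernel picks). Returns fd or -1. */
int udp_bind(const char *ip, unsigned short port)
{
    struct sockaddr_in sa;
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0)
        return -1;
    memset(&sa, 0, sizeof(sa));
    sa.sin_family = AF_INET;
    sa.sin_port = htons(port);
    if (inet_pton(AF_INET, ip, &sa.sin_addr) != 1 ||
        bind(fd, (struct sockaddr *)&sa, sizeof(sa)) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Receive one datagram on fd and send a copy to each of the n destinations.
 * Returns the number of complete copies sent, or -1 if recvfrom(2) fails.
 * The copies carry this relay's address as source, not the sender's. */
int relay_once(int fd, const struct sockaddr_in *dst, int n)
{
    char buf[65535];                 /* large enough for any UDP payload */
    ssize_t len = recvfrom(fd, buf, sizeof(buf), 0, NULL, NULL);
    int sent = 0;
    if (len < 0)
        return -1;
    for (int i = 0; i < n; i++)
        if (sendto(fd, buf, (size_t)len, 0,
                   (const struct sockaddr *)&dst[i], sizeof(dst[i])) == len)
            sent++;
    return sent;
}

int main(void)
{
    /* Hypothetical internal hosts and port; replace with real ones. */
    const char *hosts[] = { "192.0.2.11", "192.0.2.12", "192.0.2.13" };
    struct sockaddr_in dst[3];
    int fd = udp_bind("0.0.0.0", 5514);
    if (fd < 0) { perror("udp_bind"); return 1; }
    for (int i = 0; i < 3; i++) {
        memset(&dst[i], 0, sizeof(dst[i]));
        dst[i].sin_family = AF_INET;
        dst[i].sin_port = htons(5514);
        inet_pton(AF_INET, hosts[i], &dst[i].sin_addr);
    }
    for (;;)
        if (relay_once(fd, dst, 3) < 0) { perror("recvfrom"); return 1; }
}
```

Because every inbound datagram leaves as several outbound ones and a UDP source address is not authenticated, restrict which senders may reach the listening port with a pf pass rule in front of the relay.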