Date: Wed, 1 Feb 2006 20:12:28 +0100 From: Max Laier <max@love2party.net> To: freebsd-pf@freebsd.org Subject: Re: Using pf to force different outgoing IP address depending on UNIX user/group for locally originating connection? Message-ID: <200602012012.35732.max@love2party.net> In-Reply-To: <43DFC05E.5030602@i.cz> References: <43DFC05E.5030602@i.cz>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] On Tuesday 31 January 2006 20:54, Eduard Vopicka wrote: > My goal is to use pf to force (via NAT) different IP outgoing addresses > depending on UID and/or GID of the program establishing the connection, for > connections originating locally on machine with FreeBSD 5.4. (I do not > expect this to work for setuid/setgid programs.) Did you consider just useing jail(8) to jail the processes to the specific IP. This should be most performant and also easy to setup (depending on your configuration requirements). If you are concerned with daemons here it's a matter of perpending "jail / hostname IP" to the startup script, if you are concerned with real useres it's a bit more complicated, but there are dozens of tutorials on the web. -- /"\ Best regards, | mlaier@freebsd.org \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | mlaier@EFnet / \ ASCII Ribbon Campaign | Against HTML Mail and News [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (FreeBSD) iD8DBQBD4QgjXyyEoT62BG0RAgAnAJ9JHxeBJVtqPKuylLjEX0zW3SExTQCfesot DSBC2Tuz46knk0D1LnskglQ= =hlE3 -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200602012012.35732.max>