Date: Wed, 25 Jan 2023 08:14:07 +0000 From: bugzilla-noreply@freebsd.org To: pf@FreeBSD.org Subject: [Bug 268717] [pf] rdr rules don't work for traffic originating at localhost Message-ID: <bug-268717-16861-G9vnRVJz3f@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-268717-16861@https.bugs.freebsd.org/bugzilla/> References: <bug-268717-16861@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D268717 --- Comment #15 from Kristof Provost <kp@freebsd.org> --- (In reply to dfr from comment #14) Right, but rdr very much expects to be used on inbound traffic only. I believe the relevant code to be in pf_get_translation(), where we only lo= ok at the RDR ruleset if direction !=3D PF_OUT (i.e. it's PF_IN). So I think we have three choices: 1) extend nat (or binat) to be able to change the port and destination addr= ess (rather than source address). 2) teach rdr to work on PF_OUT 3) Build on the work in https://reviews.freebsd.org/D38025 and use OpenBSD's rdr-to, where the man page at least seems to suggest it can also work out outbound traffic. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-268717-16861-G9vnRVJz3f>