Date: Fri, 13 May 2016 12:47:34 +1000 From: Peter Jeremy <peter@rulingia.com> To: J Green <corpengineer@gmail.com> Cc: freebsd-pf@freebsd.org Subject: Re: Can pf simultaneously redirect to multiple, internal hosts? Message-ID: <20160513024734.GB38391@server.rulingia.com> In-Reply-To: <CANUpZyxXVJ-==UJvT5vDP_1O=mx54SpmQWW8z%2BhPGwdBE3kNuw@mail.gmail.com> References: <CANUpZyxXVJ-==UJvT5vDP_1O=mx54SpmQWW8z%2BhPGwdBE3kNuw@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--FCuugMFkClbJLl1L Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On 2016-May-12 11:09:57 -0700, J Green <corpengineer@gmail.com> wrote: >Can pf simultaneously redirect to multiple, internal hosts? > >Source -> UDP traffic -> pf (redirection) -> Host1 > -> Host2 > -> Host3 I think the answer is "no" but your question is slightly ambiguous. I believe there are 3 possible scenarios: 1) Traffic arrives addressed to a single UDP port at a single address and you want to replicate each incoming packet to multiple hosts: I think this is what you are trying to do and this isn't possible with pf. You could have a look at ng_tee(3) and if that doesn't do what you want, you will need to write a tool to do the replication - the easiest way is probably a proxy that recvfrom(2)'s the packets and then transmits multiple copies to the destination hosts. If you want to retain the original src address, you will need to use raw sockets, divert(4) or tap(4) to allow you to "forge" the src address on the outgoing packets. 2) Traffic arrives addressed to multiple UDP ports at a single addres and you want the traffic redirected to different hosts depending on the port. The pf 'rdr' command does this. 3) Traffic arrives addressed to several addresses and you want the traffic redirected to different hosts depending on the address. The pf 'binat' command does this. --=20 Peter Jeremy --FCuugMFkClbJLl1L Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQJ8BAEBCgBmBQJXNUBGXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRFRUIyOTg2QzMwNjcxRTc0RTY1QzIyN0Ux NkE1OTdBMEU0QTIwQjM0AAoJEBall6Dkogs0lEwP/0TGzMzB/11Vv17Jw1CF58zX UvXF/mPugD+LluBXSrePJYw2fw29ImW3PdQoKsXX5p/UL1tkRzW2S0zHD3ad0mNy 3dpyU9RVnJyK9XOuK2RlCucW7+YuUyfaYfiYg3uL+MX8yv/wQXMUVtfaNyajVmIt ybKeUMRnuJQ6UtYjHqR/g7yIr4NeW2OdtYtVR90mBpZQsbn4zQC+aitnPmiYc7d+ MExtzaVWpN9jt9wDQ413HG77mEn+5WQU9YR+1ee6Rs2Ub1n/8M5JInhjBf9ld2em gciNjX0PwZuNOXYv4etF3RIsyhSh+PpxRrjfk97/SREHJP5Ie6npWgWOgLjWGETS AhTZ69idtn5EqMRV/YvGBBl9tEM+vOobf+DYR/xsJoZ9Vejmq9KHtkaCngh8u2jc 86+/uFQtFY4CdQ77mbajV6h3Vp1e2cr9977GBSXjcha1nx9c98cn1xA8t8+6u16d HyWvic0ynHhATlKBLgHxOatLUZiFkz2Ub+pEMgqG/+LppxZNnpa64AiKuqY0OW5T D1q0SUbSo4P4ZCWeRYGdO5AFIq7UPyPDCaEmdD3pwKKh8DfEvymwd0xIQLegexHB vtvwB3/g/83u77ARIW/bEqj9/jOoco/nKchlWLClT/SZIzKLVikGlLfzjl+KrG+n KL4waGezA/mg74Q9/Xko =F2aQ -----END PGP SIGNATURE----- --FCuugMFkClbJLl1L--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20160513024734.GB38391>