From: Christian Meutes <christian@de.clara.net>
To: freebsd-pf@freebsd.org
Date: Sat, 15 Jul 2006 16:13:59 +0200
Subject: RDR for locally generated traffic
Message-ID: <44B8F827.5000602@de.clara.net>

Hello list,

I am trying to redirect traffic which is locally generated on a server to a different IP address. PF is running on the server and there is no way to change this.
So, for example, if the server wants to deliver a mail via SMTP to 1.1.1.1, then PF should rewrite 1.1.1.1 to 2.2.2.2, keep state for this, and when the traffic arrives back from 2.2.2.2, PF should have memorized this so that it can change the source IP back to 1.1.1.1.

This sounds like a default port-forwarding setup, which is done everywhere, even on the smallest SOHO solutions out in the customer world. But the difference is that the traffic is a) locally generated and b) that in conventional setups the traffic is always arriving on an "outside" interface where the IP address is directly assigned, which isn't the case in this setup.

I have used a simple RDR rule for accomplishing this:

rdr pass on fxp0 proto tcp from $server_ip to 1.1.1.1 port 25 -> 2.2.2.2 ...

but without any success. When tcpdumping on fxp0 to check what is happening, I recognized that the packets are pushed untouched out of fxp0 with the original IP address (1.1.1.1), so no rewriting was happening.

I thought that this would be a simple DNAT scenario, but the more I am trying to get this working, the more I am believing that it isn't even possible.

Does anyone have an idea what I am doing wrong, or can anyone just confirm that it's not possible to rewrite such packets and maybe point me to another software solution (server-based)?

Thanks for your ear!

cheers,
Christian