Date:      Fri, 13 May 2016 11:20:07 -0700
From:      J Green <corpengineer@gmail.com>
To:        Peter Jeremy <peter@rulingia.com>
Cc:        freebsd-pf@freebsd.org
Subject:   Re: Can pf simultaneously redirect to multiple, internal hosts?
Message-ID:  <CANUpZyxyPRuxd0FGxzy0So84Gv86p0MzfWLcHA3znHcH0OkRUg@mail.gmail.com>
In-Reply-To: <20160513024734.GB38391@server.rulingia.com>
References:  <CANUpZyxXVJ-==UJvT5vDP_1O=mx54SpmQWW8z%2BhPGwdBE3kNuw@mail.gmail.com> <20160513024734.GB38391@server.rulingia.com>

Sorry for not being more concise.  Yes, I am looking at scenario number
1.  Reading up on ng_tee, looks interesting.  Thank you for the
recommendation.

On Thu, May 12, 2016 at 7:47 PM, Peter Jeremy <peter@rulingia.com> wrote:

> On 2016-May-12 11:09:57 -0700, J Green <corpengineer@gmail.com> wrote:
> >Can pf simultaneously redirect to multiple, internal hosts?
> >
> >Source -> UDP traffic -> pf  (redirection) -> Host1
> >                                                          -> Host2
> >                                                          -> Host3
>
> I think the answer is "no" but your question is slightly ambiguous.  I
> believe there are 3 possible scenarios:
>
> 1) Traffic arrives addressed to a single UDP port at a single address and
> you want to replicate each incoming packet to multiple hosts: I think
> this is what you are trying to do and this isn't possible with pf.  You
> could have a look at ng_tee(3) and if that doesn't do what you want, you
> will need to write a tool to do the replication - the easiest way is
> probably a proxy that recvfrom(2)'s the packets and then transmits
> multiple copies to the destination hosts.  If you want to retain the
> original src address, you will need to use raw sockets, divert(4) or
> tap(4) to allow you to "forge" the src address on the outgoing packets.
>
> 2) Traffic arrives addressed to multiple UDP ports at a single address and
> you want the traffic redirected to different hosts depending on the port.
> The pf 'rdr' command does this.
>
> 3) Traffic arrives addressed to several addresses and you want the traffic
> redirected to different hosts depending on the address.  The pf 'binat'
> command does this.
>
> --
> Peter Jeremy
>
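The recvfrom(2)-based replication proxy suggested for scenario 1, as an added example that is not code from either poster. The function names, the listen port 5140 and the 192.0.2.x hosts are constructed placeholders; copies leave with the proxy's own source address, since preserving the original one needs the raw-socket, divert(4) or tap(4) approach mentioned in the reply.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Fill an IPv4 sockaddr; returns 0 on success, -1 on a bad address. */
int make_dest(struct sockaddr_in *sa, const char *ip, unsigned short port)
{
    memset(sa, 0, sizeof(*sa));
    sa->sin_family = AF_INET;
    sa->sin_port = htons(port);
    return inet_pton(AF_INET, ip, &sa->sin_addr) == 1 ? 0 : -1;
}

/* Bind a UDP socket to ip:port; returns the fd, or -1 on error. */
int udp_listen(const char *ip, unsigned short port)
{
    struct sockaddr_in sa;
    int fd;
    if (make_dest(&sa, ip, port) != 0 || (fd = socket(AF_INET, SOCK_DGRAM, 0)) < 0)
        return -1;
    if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)) != 0) { close(fd); return -1; }
    return fd;
}

/* recvfrom(2) one datagram on fd and send a copy to each destination.
 * Returns the number of full copies sent, or -1 if the receive failed. */
int fanout_once(int fd, const struct sockaddr_in *dst, size_t ndst)
{
    static char buf[65535];
    ssize_t n = recvfrom(fd, buf, sizeof(buf), 0, NULL, NULL);
    int sent = 0;
    if (n < 0) return -1;
    for (size_t i = 0; i < ndst; i++)
        if (sendto(fd, buf, (size_t)n, 0, (const struct sockaddr *)&dst[i], sizeof(dst[i])) == n)
            sent++;
    return sent;
}

int main(void)
{
    struct sockaddr_in dst[3];   /* constructed placeholder hosts */
    const char *hosts[3] = { "192.0.2.11", "192.0.2.12", "192.0.2.13" };
    int fd = udp_listen("0.0.0.0", 5140);   /* constructed listen port */
    for (int i = 0; i < 3; i++) if (make_dest(&dst[i], hosts[i], 5140) != 0) return 1;
    if (fd < 0) return 1;
    while (fanout_once(fd, dst, 3) >= 0) ;
    return 0;
}
```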


