Date: Thu, 15 Sep 2005 13:07:49 +0100
From: Brian Candler
To: Greg Hennessy
Cc: freebsd-pf@freebsd.org
Subject: Re: Using 'rdr' on outbound connections
Message-ID: <20050915120749.GA1235@uk.tiscali.com>
In-Reply-To: <20050915113918.173F24D@gw2.local.net>

On Thu, Sep 15, 2005 at 12:39:18PM +0100, Greg Hennessy wrote:
> > rdr pass proto tcp from any to any port 25 -> 127.0.0.1 port 25
> > rdr pass on lo0 proto tcp from any to any port 25 -> 127.0.0.1 port 25
> > rdr pass on fxp0 proto tcp from any to any port 25 -> 127.0.0.1 port 25
>
> Have you tried rdr on its own combined with an explicit pass rule in your
> policy ?

I tried 'rdr' by itself originally, yes. There is no extra policy at all in
this ruleset; that's my entire /etc/pf.conf. Since filter policy defaults to
'pass', then it shouldn't make any difference, should it?

I appreciate you making suggestions, but perhaps if you have a spare machine
available, you could try replicating the problem? It's different from your
squid setup, where traffic originates from another client and passes through
your FreeBSD router. As I said before, I've demonstrated to myself that rdr
works when the traffic is inbound from another machine.

Regards,

Brian.