From owner-freebsd-pf@FreeBSD.ORG  Thu Sep 15 13:53:39 2005
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
X-Original-To: freebsd-pf@freebsd.org
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id E1EDE16A41F
	for <freebsd-pf@freebsd.org>; Thu, 15 Sep 2005 13:53:39 +0000 (GMT)
	(envelope-from vapcom@mail.ru)
Received: from f24.mail.ru (f24.mail.ru [194.67.57.160])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 8336843D46
	for <freebsd-pf@freebsd.org>; Thu, 15 Sep 2005 13:53:39 +0000 (GMT)
	(envelope-from vapcom@mail.ru)
Received: from mail by f24.mail.ru with local 
	id 1EFuBF-0009ch-00; Thu, 15 Sep 2005 17:53:37 +0400
Received: from [194.190.210.150] by win.mail.ru with HTTP;
	Thu, 15 Sep 2005 17:53:37 +0400
From: Boris Polevoy <vapcom@mail.ru>
To: Brian Candler <B.Candler@pobox.com>
Mime-Version: 1.0
X-Mailer: mPOP Web-Mail 2.19
X-Originating-IP: 192.168.1.8 via proxy [194.190.210.150]
Date: Thu, 15 Sep 2005 17:53:37 +0400
In-Reply-To: <20050915123654.GA1315@uk.tiscali.com>
Content-Type: text/plain; charset=koi8-r
Content-Transfer-Encoding: 8bit
Message-Id: <E1EFuBF-0009ch-00.vapcom-mail-ru@f24.mail.ru>
Cc: freebsd-pf@freebsd.org
Subject: Re[2]: Using 'rdr' on outbound connections
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: Boris Polevoy <vapcom@mail.ru>
List-Id: "Technical discussion and general questions about packet filter
	\(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 15 Sep 2005 13:53:40 -0000

Hello, Brain!

> I'm coming to the conclusion that 'rdr' acts on an "inbound" interface, i.e.
> packets arriving at the kernel, and locally-originated packets don't match
> any interface; or something like that.
> 
> But I was hoping there would be someone on the list who has a reasonably
> deep knowledge of the 'pf' code and could explain whether what I want to do
> is not possible, or if it is, how to do it.
> 

RDR only works on incoming packets. This is code from pf.c:

        if (direction == PF_OUT) {
                r = pf_match_translation(pd, m, off, direction, kif, saddr,
                    sport, daddr, dport, PF_RULESET_BINAT);
                if (r == NULL)
                        r = pf_match_translation(pd, m, off, direction, kif,
                            saddr, sport, daddr, dport, PF_RULESET_NAT);
        } else {
                r = pf_match_translation(pd, m, off, direction, kif, saddr,
                    sport, daddr, dport, PF_RULESET_RDR);
                if (r == NULL)
                        r = pf_match_translation(pd, m, off, direction, kif,
                            saddr, sport, daddr, dport, PF_RULESET_BINAT);
        }

As you can see, pf_match_translation(PF_RULESET_RDR) called only on PF_IN direction.

Whith best regards,
Boris Polevoy