Date: Tue, 23 Jan 2018 17:16:04 +0300 From: "Andrey V. Elsukov" <bu7cher@yandex.ru> To: Alan Somers <asomers@freebsd.org>, FreeBSD Net <freebsd-net@freebsd.org>, Kristof Provost <kp@freebsd.org> Subject: Re: pf: redirect a packet's port but not its address? Message-ID: <a4eef32f-0446-43d7-3291-8034423122f0@yandex.ru> In-Reply-To: <CAOtMX2j80odQ7%2Bt3eiFfyV-B5AU0deeNFU1HLwAf05fL8nJZhA@mail.gmail.com> References: <CAOtMX2j80odQ7%2Bt3eiFfyV-B5AU0deeNFU1HLwAf05fL8nJZhA@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --hMNh5Xie9TomrWJ5jLgspyeaPDLaatlqs Content-Type: multipart/mixed; boundary="0VdhQtfovFYlgMGhna8UDbhMu4cf6DTdq"; protected-headers="v1" From: "Andrey V. Elsukov" <bu7cher@yandex.ru> To: Alan Somers <asomers@freebsd.org>, FreeBSD Net <freebsd-net@freebsd.org>, Kristof Provost <kp@freebsd.org> Message-ID: <a4eef32f-0446-43d7-3291-8034423122f0@yandex.ru> Subject: Re: pf: redirect a packet's port but not its address? References: <CAOtMX2j80odQ7+t3eiFfyV-B5AU0deeNFU1HLwAf05fL8nJZhA@mail.gmail.com> In-Reply-To: <CAOtMX2j80odQ7+t3eiFfyV-B5AU0deeNFU1HLwAf05fL8nJZhA@mail.gmail.com> --0VdhQtfovFYlgMGhna8UDbhMu4cf6DTdq Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable On 23.01.2018 03:35, Alan Somers wrote: > All of these problems could be solved if pf were able to redirect a > packet's destination port but not its address. You could bind the daem= on > to INADDR_ANY instead of localhost, and the packet it receives would be= > destined to the same address that the sender intended. >=20 > Unfortunately, pf currently lacks this capability. But it looks like i= t > could be added without breaking existing pf.conf syntax. Would this be= a > good idea? >=20 > I don't use ipfw, but from reading the man page I believe that it has t= he > same problem. I think ipfw should work with such configuration using "fwd" action, since TCP/UDP has special handling for this. --=20 WBR, Andrey V. Elsukov --0VdhQtfovFYlgMGhna8UDbhMu4cf6DTdq-- --hMNh5Xie9TomrWJ5jLgspyeaPDLaatlqs Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEzBAEBCAAdFiEE5lkeG0HaFRbwybwAAcXqBBDIoXoFAlpnQ6QACgkQAcXqBBDI oXov9Af+MEAeLmnONxLMCV8oQTQXe5i256ey0JIT5DwuuMS8ISYG0APYaMo5EhXY cfdXv1J8PyB7QV8Fgiq8uMTOopYhz7KFGcPizToDT1foqtYBvD86DmPNN5k/Hbbj fPmc+bkWaLl5gQtRD4PfCxmlSQ6nMF7F36BowfbwXruV1YtPpLJheEy+Ui1aOMhC MW3HbCaLjkI3h1AEeW8warYdns4upaNr0/usrmGCGgVQuXb9tpM+pTjRLtFqdykR D7VCOeA26MUaM4PGrCPl8rFcX/caHFGSmdjSn9JLGiCBf6a4cplY1Et242Hezcit VrQwZ4Qn7gjPddRCbDZl3qPCjVP4jw== =SOSu -----END PGP SIGNATURE----- --hMNh5Xie9TomrWJ5jLgspyeaPDLaatlqs--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?a4eef32f-0446-43d7-3291-8034423122f0>