Date: Tue, 23 Jan 2018 09:17:07 -0700 From: Alan Somers <asomers@freebsd.org> To: "Andrey V. Elsukov" <bu7cher@yandex.ru> Cc: FreeBSD Net <freebsd-net@freebsd.org>, Kristof Provost <kp@freebsd.org> Subject: Re: pf: redirect a packet's port but not its address? Message-ID: <CAOtMX2jroiz57KyQZUk%2B4aW4=_1m=Qs7wEP=_3pEVL%2BE2jg22A@mail.gmail.com> In-Reply-To: <a4eef32f-0446-43d7-3291-8034423122f0@yandex.ru> References: <CAOtMX2j80odQ7%2Bt3eiFfyV-B5AU0deeNFU1HLwAf05fL8nJZhA@mail.gmail.com> <a4eef32f-0446-43d7-3291-8034423122f0@yandex.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Jan 23, 2018 at 7:16 AM, Andrey V. Elsukov <bu7cher@yandex.ru> wrote: > On 23.01.2018 03:35, Alan Somers wrote: > > All of these problems could be solved if pf were able to redirect a > > packet's destination port but not its address. You could bind the daemon > > to INADDR_ANY instead of localhost, and the packet it receives would be > > destined to the same address that the sender intended. > > > > Unfortunately, pf currently lacks this capability. But it looks like it > > could be added without breaking existing pf.conf syntax. Would this be a > > good idea? > > > > I don't use ipfw, but from reading the man page I believe that it has the > > same problem. > > I think ipfw should work with such configuration using "fwd" action, > since TCP/UDP has special handling for this. The man page says that the fwd directive always takes an IP address. What I need is a way to forward the port without changing the IP address. Is that possible in ipfw?
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAOtMX2jroiz57KyQZUk%2B4aW4=_1m=Qs7wEP=_3pEVL%2BE2jg22A>