Date: Tue, 23 Jan 2018 20:39:14 +0300
From: "Andrey V. Elsukov" <bu7cher@yandex.ru>
To: Alan Somers <asomers@freebsd.org>
Cc: FreeBSD Net <freebsd-net@freebsd.org>, Kristof Provost <kp@freebsd.org>
Subject: Re: pf: redirect a packet's port but not its address?
Message-ID: <759792be-189f-bdaf-04c9-b01d26fa9e00@yandex.ru>
In-Reply-To: <CAOtMX2jroiz57KyQZUk%2B4aW4=_1m=Qs7wEP=_3pEVL%2BE2jg22A@mail.gmail.com>
References: <CAOtMX2j80odQ7%2Bt3eiFfyV-B5AU0deeNFU1HLwAf05fL8nJZhA@mail.gmail.com> <a4eef32f-0446-43d7-3291-8034423122f0@yandex.ru> <CAOtMX2jroiz57KyQZUk%2B4aW4=_1m=Qs7wEP=_3pEVL%2BE2jg22A@mail.gmail.com>

On 23.01.2018 19:17, Alan Somers wrote:
>>> Unfortunately, pf currently lacks this capability.  But it looks like it
>>> could be added without breaking existing pf.conf syntax.  Would this be a
>>> good idea?
>>>
>>> I don't use ipfw, but from reading the man page I believe that it has the
>>> same problem.
>>
>> I think ipfw should work with such configuration using "fwd" action,
>> since TCP/UDP has special handling for this.
>
>
> The man page says that the fwd directive always takes an IP address.  What
> I need is a way to forward the port without changing the IP address.  Is
> that possible in ipfw?

"fwd" rule changes neither the IP address nor the port. It uses some magic
with PCB lookup in the TCP/UDP code. Just tried this:

# ipfw add fwd ::1,5678 tcp from any to any 4000
# nc -6 -l ::1 5678

And from another host tried:

# telnet -6 fc00::1 4000

And this works.

-- 
WBR, Andrey V. Elsukov