Date: Sat, 15 Jul 2006 16:13:59 +0200
From: Christian Meutes <christian@de.clara.net>
To: freebsd-pf@freebsd.org
Subject: RDR for locally generated traffic
Message-ID: <44B8F827.5000602@de.clara.net>

Hello list,

I am trying to redirect traffic which is locally generated on a server to a different IP address. PF is running on the server and there is no way to change this.

So for example, if the server wants to deliver a mail via SMTP to 1.1.1.1, then PF should rewrite 1.1.1.1 to 2.2.2.2, keep-state for this, and when the traffic arrives back from 2.2.2.2, PF should memorize this for changing the Source-IP back to 1.1.1.1.

This sounds like a default port-forwarding setup which is done everywhere, even on the smallest SOHO solutions outside in the customer world. But the difference is that the traffic is a) locally generated and b) that in conventional setups the traffic is always arriving on an "outside" interface where the IP address is directly assigned, which isn't the case in this setup.

I have used a simple RDR rule for accomplishing this:

    rdr pass on fxp0 proto tcp from $server_ip to 1.1.1.1 port 25 -> 2.2.2.2

... but without any success.

When tcpdumping on fxp0 to check what is happening, I recognized that the packets are pushed untouched outside of fxp0 with the original IP address (1.1.1.1), so no rewriting was happening.

I thought that this would be a simple DNAT scenario, but the more I am trying to get this working, the more I am believing that it isn't even possible.

Does anyone have an idea what I am doing wrong, or can just confirm that it's not possible to rewrite such packets, and maybe can point me to another software solution (server-based)?

Thanks for your ear!

cheers,
Christian