Using 'rdr' on outbound connections
Brian Candler
B.Candler at pobox.com
Thu Sep 15 09:48:51 PDT 2005
On Thu, Sep 15, 2005 at 02:55:54PM +0100, Greg Hennessy wrote:
> > here: http://mniam.net/pf/pf.png To work around this you can
> > install a route-to rule to loop the packet:
> >
> > pass out route-to (lo0 127.0.0.1) proto tcp from any to any port 25
Works nicely:

rdr pass proto tcp from any to any port 25 -> 127.0.0.1 port 25
pass out route-to (lo0 127.0.0.1) proto tcp from any to any port 25 user != mailnull

redirects the traffic. But as you say, the ident information is then lost
(ERROR : NO-USER). It looks very strange on a tcpdump, seeing ident packets
going from 127.0.0.1 to a real IP address and back again :-)

But with the magic of oidentd:

# /usr/local/sbin/oidentd -P 127.0.0.1 -u nobody -g nogroup

and hey presto it works. Many thanks!
Regards,
Brian.
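As an added example (not part of Brian's post, and not code from pf or oidentd), the script below does the check a practitioner would want after setting up the loopback rdr/route-to pair above: it queries an ident daemon the way the remote mail server does and parses the RFC 1413 reply, so a USERID answer can be told apart from the ERROR : NO-USER that appears when the connection mapping is lost. It assumes the ident service listens on TCP port 113 of the host being checked, and that a real check is run from the remote side (identd answers about its own host's connections). The start_fake_identd server, the port numbers and the user name "brian" are constructed stand-ins so the script runs offline; they say nothing about how oidentd itself behaves.

```python
# Added example (not from the original post): query an ident daemon as the
# remote SMTP server would and classify the RFC 1413 reply, so an admin can
# verify that the loopback rdr/route-to pair still yields a USERID answer
# rather than ERROR : NO-USER. The fake ident daemon below is a constructed
# stand-in used only so the script runs offline; it is not oidentd.
import socket
import threading


def parse_ident_reply(line):
    """Parse one RFC 1413 reply line into a dict.

    Reply formats:
      <port-on-server> , <port-on-client> : USERID : <opsys> : <user-id>
      <port-on-server> , <port-on-client> : ERROR : <error-type>
    port-on-server is the port on the host running identd; port-on-client is
    the port on the querying host (25 when a mail server asks about us).
    """
    parts = [p.strip() for p in line.strip().split(":", 3)]
    if len(parts) < 3:
        raise ValueError("malformed ident reply: %r" % line)
    try:
        server_port, client_port = (int(p) for p in parts[0].split(","))
    except ValueError:
        raise ValueError("malformed port pair in ident reply: %r" % line)
    reply = {"server_port": server_port, "client_port": client_port,
             "type": parts[1].upper()}
    if reply["type"] == "USERID" and len(parts) == 4:
        reply["opsys"], reply["user"] = parts[2], parts[3]
    elif reply["type"] == "ERROR" and len(parts) == 3:
        reply["error"] = parts[2]
    else:
        raise ValueError("unexpected ident reply: %r" % line)
    return reply


def ident_query(host, server_port, client_port, ident_port=113, timeout=5.0):
    """Send '<server_port> , <client_port>' to identd on host; parse the answer."""
    with socket.create_connection((host, ident_port), timeout=timeout) as s:
        s.sendall(("%d , %d\r\n" % (server_port, client_port)).encode("ascii"))
        data = b""
        while b"\n" not in data and len(data) < 1024:  # replies are one CRLF line
            chunk = s.recv(256)
            if not chunk:
                break
            data += chunk
    return parse_ident_reply(data.decode("ascii", "replace"))


def start_fake_identd(answers):
    """Constructed stand-in for an ident daemon (NOT oidentd), for offline runs.

    answers maps (server_port, client_port) to a user name; unknown pairs get
    ERROR : NO-USER, which is what a lost connection mapping looks like.
    Returns the loopback port it listens on.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve():
        while True:
            conn, _ = srv.accept()
            with conn:
                try:
                    req = conn.recv(256).decode("ascii", "replace")
                    try:
                        sp, cp = (int(p) for p in req.split(","))
                    except ValueError:
                        conn.sendall(b"0 , 0 : ERROR : INVALID-PORT\r\n")
                        continue
                    user = answers.get((sp, cp))
                    if user is None:
                        reply = "%d , %d : ERROR : NO-USER\r\n" % (sp, cp)
                    else:
                        reply = "%d , %d : USERID : UNIX : %s\r\n" % (sp, cp, user)
                    conn.sendall(reply.encode("ascii"))
                except OSError:
                    pass  # client went away; keep serving

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


if __name__ == "__main__":
    # Constructed sample: our side of the SMTP connection is port 54321, the
    # remote server's is 25, and the daemon knows it belongs to user "brian".
    port = start_fake_identd({(54321, 25): "brian"})
    print(ident_query("127.0.0.1", 54321, 25, ident_port=port))  # USERID ... brian
    print(ident_query("127.0.0.1", 40000, 25, ident_port=port))  # ERROR : NO-USER
```

To check a real host, run ident_query from the machine that receives the SMTP connection, passing the source port you see on the incoming connection as server_port and 25 as client_port; the reply's type field tells you whether the daemon could still attribute the redirected connection to a user.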