[Bug 268717] [pf] rdr rules don't work for traffic originating at localhost
Date: Wed, 25 Jan 2023 08:14:07 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=268717

--- Comment #15 from Kristof Provost <kp@freebsd.org> ---

(In reply to dfr from comment #14)

Right, but rdr very much expects to be used on inbound traffic only. I believe the relevant code to be in pf_get_translation(), where we only look at the RDR ruleset if direction != PF_OUT (i.e. it's PF_IN).

So I think we have three choices:

1) extend nat (or binat) to be able to change the port and destination address (rather than source address).
2) teach rdr to work on PF_OUT
3) Build on the work in https://reviews.freebsd.org/D38025 and use OpenBSD's rdr-to, where the man page at least seems to suggest it can also work on outbound traffic.