SO_BINDANY and pf divert

Attila Nagy bra at
Wed Jul 30 16:16:27 UTC 2008


OpenBSD's relayd has grown a very useful transparent relay support, 
which means you can run a HTTP(S) reverse proxy transparently 
(maintaining the source IP, while you have a different TCP stream open 
from the proxy to the backend, even by terminating the SSL part and 
speaking clear text HTTP to the backends).

For this (as far as I could figure out, while trying to make this newer 
relayd working on FreeBSD) two pieces are needed, which FreeBSD 
currently lacks:
- the SO_BINDANY support (see and
- the pf part, which diverts the non-local packets to the given socket 
(see and

After having those said, the question is obvious. :)
Does anybody feel the need for these two in FreeBSD and have the 
competence and time to port them?


More information about the freebsd-net mailing list