Using 'rdr' on outbound connections

Brian Candler B.Candler at pobox.com
Thu Sep 15 05:04:39 PDT 2005


On Thu, Sep 15, 2005 at 12:39:18PM +0100, Greg Hennessy wrote:
>  
> > rdr pass proto tcp from any to any port 25 -> 127.0.0.1 port 25
> > rdr pass on lo0 proto tcp from any to any port 25 -> 127.0.0.1 port 25
> > rdr pass on fxp0 proto tcp from any to any port 25 -> 127.0.0.1 port 25
> 
> Have you tried rdr on its own combined with an explicit pass rule in your
> policy ?

I tried 'rdr' by itself originally, yes. There is no extra policy at all in
this ruleset; that's my entire /etc/pf.conf. Since filter policy defaults to
'pass', then it shouldn't make any difference, should it?

I appreciate you making suggestions, but perhaps if you have a spare machine
available, you could try replicating the problem? It's different from your
squid setup, where traffic originates from another client and passes through
your FreeBSD router. As I said before, I've demonstrated to myself that rdr
works when the traffic is inbound from another machine.

Regards,

Brian.

