Using 'rdr' on outbound connections
Boris Polevoy
vapcom at mail.ru
Thu Sep 15 06:53:40 PDT 2005
Hello, Brain!
> I'm coming to the conclusion that 'rdr' acts on an "inbound" interface, i.e.
> packets arriving at the kernel, and locally-originated packets don't match
> any interface; or something like that.
>
> But I was hoping there would be someone on the list who has a reasonably
> deep knowledge of the 'pf' code and could explain whether what I want to do
> is not possible, or if it is, how to do it.
>
RDR only works on incoming packets. This is code from pf.c:
if (direction == PF_OUT) {
r = pf_match_translation(pd, m, off, direction, kif, saddr,
sport, daddr, dport, PF_RULESET_BINAT);
if (r == NULL)
r = pf_match_translation(pd, m, off, direction, kif,
saddr, sport, daddr, dport, PF_RULESET_NAT);
} else {
r = pf_match_translation(pd, m, off, direction, kif, saddr,
sport, daddr, dport, PF_RULESET_RDR);
if (r == NULL)
r = pf_match_translation(pd, m, off, direction, kif,
saddr, sport, daddr, dport, PF_RULESET_BINAT);
}
As you can see, pf_match_translation(PF_RULESET_RDR) called only on PF_IN direction.
Whith best regards,
Boris Polevoy
More information about the freebsd-pf
mailing list