Using pf to force different outgoing IP address depending on UNIX user/group for locally originating connection?

Daniel Hartmeier daniel at benzedrine.cx
Wed Feb 1 10:28:16 PST 2006


On Wed, Feb 01, 2006 at 08:01:36AM -0600, Bill Marquette wrote:

> I haven't looked at the code, but I wouldn't be terribly surprised if
> you couldn't just copy/paste the user match code in the lexer for
> filter rules into the nat part of the lexer.

No, the user/group options are not valid in translation rules. But
making them valid there would be the most logical solution. It's not
terribly complicated, and I'll try to add that. It won't be backported
to 5.x, though :)

I'm not sure you can do it with routing tricks through loopback. You could
try setting the default route through an intentionally wrong interface,
pass with tag and route-to (to the right interface) there, and then nat
on the right interface based on tag. But that's quite a hack.

Daniel
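One way to spell out the tag-then-nat hack Daniel sketches, as an added pf.conf illustration that is not part of the post and that the post does not confirm works. The interface names, addresses and the user name are assumptions; the only facts taken from the thread are that user/group are accepted in filter rules but not in translation rules, and that translation rules can match on a tag set earlier. The idea is that every locally originated connection is first seen on the "wrong" interface the default route points through, where a filter rule can still select by UNIX user, tag the connection and route-to it onto the real uplink; the nat rule on the uplink then picks the source address by tag, which it is allowed to match, instead of by user, which it is not.

```conf
# Added illustration of the hack described in the reply above; not a
# configuration from the post. All names and addresses are assumptions.
ext_if   = "fxp0"         # real uplink (assumed)
ext_gw   = "192.0.2.1"    # its next hop (assumed)
ext_alt  = "192.0.2.20"   # second address configured on fxp0 (assumed)
dummy_if = "fxp1"         # interface the intentionally wrong default
                          # route points through (assumed); the host's
                          # default route must be set via this interface
                          # for the trick to see any traffic at all

# Step 1: on the wrong interface, filter rules may match on user.
# Tag the connection and re-route it to the real uplink.
# pf evaluates last-matching-rule-wins, so the general rule comes first
# and the per-user rule overrides it for sockets owned by "www".
pass out on $dummy_if route-to ($ext_if $ext_gw) inet proto { tcp udp } \
    from any to any keep state tag DEFAULT_SRC
pass out on $dummy_if route-to ($ext_if $ext_gw) inet proto { tcp udp } \
    from any to any user www keep state tag ALT_SRC

# Step 2: on the real uplink, translation rules cannot match on user,
# but they can match on the tag carried over by route-to.
nat on $ext_if tagged DEFAULT_SRC -> ($ext_if)
nat on $ext_if tagged ALT_SRC     -> $ext_alt
```

Two caveats a practitioner should check before relying on this: the tag must survive the route-to hop onto $ext_if so that the nat rule there sees it, and the reply traffic must come back in on $ext_if to the translated address, so the state created on $dummy_if has to be the one that matches it. Daniel calls the whole arrangement a hack, and the cleaner fix he proposes is to make user/group valid in translation rules directly.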
