Using pf to force different outgoing IP address depending on UNIX user/group for locally originating connection?

Max Laier max at love2party.net
Wed Feb 1 11:11:21 PST 2006


On Tuesday 31 January 2006 20:54, Eduard Vopicka wrote:
> My goal is to use pf to force (via NAT) different IP outgoing addresses
> depending on UID and/or GID of the program establishing the connection, for
> connections originating locally on machine with FreeBSD 5.4. (I do not
> expect this to work for setuid/setgid programs.)

Did you consider just using jail(8) to jail the processes to the specific IP?
This should be most performant and also easy to set up (depending on your
configuration requirements).  If you are concerned with daemons here it's a
matter of prepending "jail / hostname IP" to the startup script, if you are
concerned with real users it's a bit more complicated, but there are dozens
of tutorials on the web.

-- 
/"\  Best regards,                      | mlaier at freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier at EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News