RDR for locally generated traffic

Christian Meutes christian at de.clara.net
Sat Jul 15 18:53:10 UTC 2006


>
> You cannot DNAT in outbound, nor can you SNAT on inbound.  I have been
> asking for the symmetric cases on the OpenBSD pf list, and it's on my
> "to do one day" list, but I have no idea when that will become the top
> priority (maybe never).
>
> As I understand it, this limitation has to do with the way the TCP/IP
> stack works in BSD, particularly vis-a-vis routing.  You will note we
> don't have an equivalent to the PREROUTING chain, either.
>
Thanks for the answer!
Then would it be possible to bind the IP to lo0 as an alias, connect to
this IP, and then let the rule rewrite the destination to another one
which lies on fxp0 directly?

