Can pf simultaneously redirect to multiple, internal hosts?

J Green corpengineer at gmail.com
Fri May 13 18:20:08 UTC 2016


Sorry for not being more concise.  Yes, I am looking at scenario number
1.  Reading up on ng_tee, looks interesting.  Thank you for the
recommendation.

On Thu, May 12, 2016 at 7:47 PM, Peter Jeremy <peter at rulingia.com> wrote:

> On 2016-May-12 11:09:57 -0700, J Green <corpengineer at gmail.com> wrote:
> >Can pf simultaneously redirect to multiple, internal hosts?
> >
> >Source -> UDP traffic -> pf  (redirection) -> Host1
> >                                                          -> Host2
> >                                                          -> Host3
>
> I think the answer is "no" but your question is slightly ambiguous.  I
> believe there are 3 possible scenarios:
>
> 1) Traffic arrives addressed to a single UDP port at a single address and
> you want to replicate each incoming packet to multiple hosts: I think
> this is what you are trying to do and this isn't possible with pf.  You
> could have a look at ng_tee(3) and if that doesn't do what you want, you
> will need to write a tool to do the replication - the easiest way is
> probably a proxy that recvfrom(2)'s the packets and then transmits
> multiple copies to the destination hosts.  If you want to retain the
> original src address, you will need to use raw sockets, divert(4) or
> tap(4) to allow you to "forge" the src address on the outgoing packets.
>
> 2) Traffic arrives addressed to multiple UDP ports at a single address and
> you want the traffic redirected to different hosts depending on the port.
> The pf 'rdr' command does this.
>
> 3) Traffic arrives addressed to several addresses and you want the traffic
> redirected to different hosts depending on the address.  The pf 'binat'
> command does this.
>
> --
> Peter Jeremy
>
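
The proxy approach from scenario 1 in the quoted reply (receive each datagram, then send a copy to every internal host), as an added example that is not part of either message. The function names, the loopback addresses and the source allowlist are assumptions made for illustration; the copies leave with the proxy's own source address.

```python
import ipaddress
import socket

BUFSIZE = 65535  # largest possible UDP datagram


def replicate_once(listener, sender, dests, allowed_net):
    """Receive one datagram and send a copy to every destination.

    Returns (source, payload, copies_sent). Copies carry the proxy's own
    source address; keeping the original needs raw sockets or divert(4).
    """
    data, src = listener.recvfrom(BUFSIZE)
    # A replicator turns 1 packet into len(dests) packets, so only accept
    # input from the expected network and never re-forward our own output.
    if ipaddress.ip_address(src[0]) not in allowed_net or src in dests:
        return src, data, 0
    sent = 0
    for dest in dests:
        try:
            sender.sendto(data, dest)
            sent += 1
        except OSError:
            # One unreachable host must not stop delivery to the others.
            continue
    return src, data, sent


def udp_socket(bind_addr=("127.0.0.1", 0)):
    """UDP socket bound to an ephemeral loopback port (assumed for the demo)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.bind(bind_addr)
    s.settimeout(2.0)
    return s


def demo():
    """Constructed loopback run: one source, three stand-in internal hosts."""
    hosts = [udp_socket() for _ in range(3)]
    listener, sender, source = udp_socket(), udp_socket(), udp_socket()
    dests = [h.getsockname() for h in hosts]
    allowed = ipaddress.ip_network("127.0.0.0/8")
    try:
        source.sendto(b"constructed test payload", listener.getsockname())
        _, _, sent = replicate_once(listener, sender, dests, allowed)
        return sent, [h.recvfrom(BUFSIZE)[0] for h in hosts]
    finally:
        for s in hosts + [listener, sender, source]:
            s.close()
```

In a real deployment `replicate_once` would run in a loop on the listening port, with `allowed_net` set to the network the UDP source lives on.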


More information about the freebsd-pf mailing list