Date: Thu, 15 Sep 2005 17:53:37 +0400
From: Boris Polevoy <vapcom@mail.ru>
To: Brian Candler <B.Candler@pobox.com>
Cc: freebsd-pf@freebsd.org
Subject: Re[2]: Using 'rdr' on outbound connections
Message-ID: <E1EFuBF-0009ch-00.vapcom-mail-ru@f24.mail.ru>
In-Reply-To: <20050915123654.GA1315@uk.tiscali.com>

Hello, Brian!

> I'm coming to the conclusion that 'rdr' acts on an "inbound" interface, i.e.
> packets arriving at the kernel, and locally-originated packets don't match
> any interface; or something like that.
>
> But I was hoping there would be someone on the list who has a reasonably
> deep knowledge of the 'pf' code and could explain whether what I want to do
> is not possible, or if it is, how to do it.
>

RDR only works on incoming packets. This is code from pf.c:

	if (direction == PF_OUT) {
		r = pf_match_translation(pd, m, off, direction, kif, saddr,
		    sport, daddr, dport, PF_RULESET_BINAT);
		if (r == NULL)
			r = pf_match_translation(pd, m, off, direction, kif,
			    saddr, sport, daddr, dport, PF_RULESET_NAT);
	} else {
		r = pf_match_translation(pd, m, off, direction, kif, saddr,
		    sport, daddr, dport, PF_RULESET_RDR);
		if (r == NULL)
			r = pf_match_translation(pd, m, off, direction, kif,
			    saddr, sport, daddr, dport, PF_RULESET_BINAT);
	}

As you can see, pf_match_translation(PF_RULESET_RDR) is called only for the PF_IN direction.

With best regards,
Boris Polevoy
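
The dispatch order in the excerpt above, as a small user-space model (an added example, not code from pf or from the message's author). Only the PF_* constant names come from the excerpt; struct xlate_rule, match_translation(), get_translation() and the sample rules are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Constant names follow the pf.c excerpt; everything else is a simplified model. */
enum { PF_IN, PF_OUT };
enum { PF_RULESET_NAT, PF_RULESET_RDR, PF_RULESET_BINAT };

/* Hypothetical rule: the ruleset it lives in and the destination port it matches. */
struct xlate_rule { int ruleset; unsigned short dport; const char *label; };

/* Constructed sample rules (not taken from any real pf.conf). */
static const struct xlate_rule rules[] = {
    { PF_RULESET_RDR,   80,   "rdr port 80 -> 127.0.0.1 port 3128" },
    { PF_RULESET_RDR,   8080, "rdr port 8080 -> 127.0.0.1 port 3128" },
    { PF_RULESET_NAT,   80,   "nat -> (ext_if)" },
    { PF_RULESET_BINAT, 25,   "binat mail host" },
};

/* Stand-in for pf_match_translation(): first rule of one ruleset matching dport. */
static const struct xlate_rule *match_translation(int ruleset, unsigned short dport)
{
    for (size_t i = 0; i < sizeof(rules) / sizeof(rules[0]); i++)
        if (rules[i].ruleset == ruleset && rules[i].dport == dport)
            return &rules[i];
    return NULL;
}

/* Same lookup order as the excerpt: the rdr ruleset is consulted only for PF_IN. */
static const struct xlate_rule *get_translation(int direction, unsigned short dport)
{
    const struct xlate_rule *r;
    if (direction == PF_OUT) {
        r = match_translation(PF_RULESET_BINAT, dport);
        if (r == NULL)
            r = match_translation(PF_RULESET_NAT, dport);
    } else {
        r = match_translation(PF_RULESET_RDR, dport);
        if (r == NULL)
            r = match_translation(PF_RULESET_BINAT, dport);
    }
    return r;
}

int main(void)
{
    const struct xlate_rule *r = get_translation(PF_OUT, 8080);
    printf("PF_OUT dport 8080: %s\n", r ? r->label : "no translation");
    return 0;
}
```

A packet that is only ever evaluated as PF_OUT never reaches the rdr rules, even when a matching rdr rule exists.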