Date: Thu, 15 Sep 2005 17:48:15 +0100
From: Brian Candler <B.Candler@pobox.com>
To: Greg Hennessy <Greg.Hennessy@nviz.net>
Cc: freebsd-pf@freebsd.org
Subject: Re: Using 'rdr' on outbound connections
Message-ID: <20050915164815.GA33032@uk.tiscali.com>
In-Reply-To: <20050915135554.767714D@gw2.local.net>
References: <200509151551.24419.max@love2party.net> <20050915135554.767714D@gw2.local.net>
On Thu, Sep 15, 2005 at 02:55:54PM +0100, Greg Hennessy wrote:
> > here: http://mniam.net/pf/pf.png To work around this you can
> > install a route-to rule to loop the packet:
> >
> > pass out route-to (lo0 127.0.0.1) proto tcp from any to any port 25

Works nicely:

rdr pass proto tcp from any to any port 25 -> 127.0.0.1 port 25
pass out route-to (lo0 127.0.0.1) proto tcp from any to any port 25 user != mailnull

redirects the traffic. But as you say, the ident information is then lost
(ERROR : NO-USER). It looks very strange on a tcpdump, seeing ident packets
going from 127.0.0.1 to a real IP address and back again :-)

But with the magic of oidentd:

# /usr/local/sbin/oidentd -P 127.0.0.1 -u nobody -g nogroup

and hey presto it works. Many thanks!

Regards,

Brian.
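The two rules Brian quotes, placed in a complete pf.conf so the packet path is visible end to end. This is an added example, not configuration posted in the thread: the external interface name em0 and the assumption that the local MTA listens on 127.0.0.1:25 are mine; the mailnull user and the two rules themselves are taken from the message above.

```pf
# Added example, not from the thread.  Assumed names: em0 is the outside
# interface; the local MTA runs as user "mailnull" (as in the thread) and
# listens on 127.0.0.1:25.
ext_if     = "em0"
smtp_proxy = "127.0.0.1"

# Do NOT add "set skip on lo0" to this file.  The whole trick depends on the
# looped packet being seen by the rdr rule when it re-enters via lo0, and
# "set skip" disables both filtering and translation on that interface.

# Translation rules come before filter rules in pf.conf.  Any TCP packet
# arriving on any interface (lo0 included) for port 25 is redirected to the
# local MTA.  "rdr pass" also passes the redirected packet, so no separate
# "pass in on lo0" rule is needed for it.
rdr pass proto tcp from any to any port 25 -> $smtp_proxy port 25

# Locally generated outbound SMTP never traverses rdr on its way out, so it
# is routed back in through lo0, where the rdr above catches it.  "user"
# matches the effective user of the socket that produced the packet, so the
# MTA itself is excluded and its real deliveries still leave via $ext_if.
pass out route-to (lo0 127.0.0.1) proto tcp from any to any port 25 user != mailnull

# Ordinary outbound traffic, including the MTA's own deliveries.
pass out on $ext_if proto tcp all keep state
```

The resulting connection is seen by the MTA as coming from the host's real address rather than from the remote destination, which is why the ident lookup in the message ends up travelling between 127.0.0.1 and the real interface address and initially answers NO-USER.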
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050915164815.GA33032>