From: Matt Burke
Date: Mon, 24 Oct 2011 10:38:32 +0100
To: freebsd-pf@freebsd.org
Subject: rdr with round-robin ports
Message-ID: <4EA53218.2000807@icritical.com>

I have a pile of server daemons running on localhost which I want to load-balance between.
I'm using the following rule on 8.2-STABLE (28 June 2011) to try to load-balance between them:

    rdr inet proto tcp from any to 127.0.0.1 port = 2000 \
        -> 127.0.0.1 port 3000:3099 round-robin

Unfortunately pf seems to only redirect to port 3000, sending all connections there and none to any other port.

I've also tried specifying {localhost, localhost, localhost...} port 3000:3099 with no success.

Am I missing something, have I hit a bug, or is the rdr syntax in pf.conf misleading in that multiple ports in a destination is only valid if the source uses multiple ports?