Date: Wed, 1 Feb 2006 19:27:51 +0100
From: Daniel Hartmeier <daniel@benzedrine.cx>
To: Bill Marquette <bill.marquette@gmail.com>
Cc: freebsd-pf@freebsd.org
Subject: Re: Using pf to force different outgoing IP address depending on UNIX user/group for locally originating connection?
Message-ID: <20060201182751.GD1311@insomnia.benzedrine.cx>
In-Reply-To: <55e8a96c0602010601t7b746206ice51e29c3265490f@mail.gmail.com>
References: <D5972F49810A69449A9EA72A4B360DC2799E29@e1.universe.dart.spb> <55e8a96c0602010601t7b746206ice51e29c3265490f@mail.gmail.com>

On Wed, Feb 01, 2006 at 08:01:36AM -0600, Bill Marquette wrote:

> I haven't looked at the code, but I wouldn't be terribly surprised if
> you couldn't just copy/paste the user match code in the lexer for
> filter rules into the nat part of the lexer.

No, the user/group options are not valid in translation rules. But
making them valid there would be the most logical solution. It's not
terribly complicated, and I'll try to add that. It won't be backported
to 5.x, though :)

I'm not sure you can do it with routing tricks through loopback. You
could try setting the default route through an intentionally wrong
interface, pass with tag and route-to (to the right interface) there,
and then nat on the right interface based on tag. But that's quite a
hack.

Daniel