pf: redirect a packet's port but not its address?
Alan Somers
asomers at freebsd.org
Tue Jan 23 16:17:10 UTC 2018
On Tue, Jan 23, 2018 at 7:16 AM, Andrey V. Elsukov <bu7cher at yandex.ru>
wrote:
> On 23.01.2018 03:35, Alan Somers wrote:
> > All of these problems could be solved if pf were able to redirect a
> > packet's destination port but not its address. You could bind the daemon
> > to INADDR_ANY instead of localhost, and the packet it receives would be
> > destined to the same address that the sender intended.
> >
> > Unfortunately, pf currently lacks this capability. But it looks like it
> > could be added without breaking existing pf.conf syntax. Would this be a
> > good idea?
> >
> > I don't use ipfw, but from reading the man page I believe that it has the
> > same problem.
>
> I think ipfw should work with such configuration using "fwd" action,
> since TCP/UDP has special handling for this.
The man page says that the fwd directive always takes an IP address. What
I need is a way to forward the port without changing the IP address. Is
that possible in ipfw?
More information about the freebsd-net
mailing list