pf: redirect a packet's port but not its address?
Andrey V. Elsukov
bu7cher at yandex.ru
Tue Jan 23 17:39:38 UTC 2018
On 23.01.2018 19:17, Alan Somers wrote:
>>> Unfortunately, pf currently lacks this capability. But it looks like it
>>> could be added without breaking existing pf.conf syntax. Would this be a
>>> good idea?
>>>
>>> I don't use ipfw, but from reading the man page I believe that it has the
>>> same problem.
>>
>> I think ipfw should work with such configuration using "fwd" action,
>> since TCP/UDP has special handling for this.
>
>
> The man page says that the fwd directive always takes an IP address. What
> I need is a way to forward the port without changing the IP address. Is
> that possible in ipfw?

The "fwd" rule does not change either the IP address or the port. It uses
some magic with PCB lookup in the TCP/UDP code.
Just tried this:
# ipfw add fwd ::1,5678 tcp from any to any 4000
# nc -6 -l ::1 5678
And from another host tried:
# telnet -6 fc00::1 4000
And this works.
--
WBR, Andrey V. Elsukov
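
Added example, not part of the original message: a small listener that can stand in for the `nc -6 -l ::1 5678` step and reports the local address of the accepted socket. It relies on what ipfw(8) documents for locally forwarded packets (the socket's local address is set to the packet's original destination); the function names are hypothetical, and the default host and port are the ones used in the post.

```python
import socket


def make_listener(host="::1", port=5678):
    """Listen on the address the fwd rule points at (defaults from the post)."""
    family = socket.AF_INET6 if ":" in host else socket.AF_INET
    srv = socket.socket(family, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, port))
    srv.listen(1)
    return srv


def describe_next_connection(srv):
    """Accept one connection and report the addresses seen on that socket.

    Because fwd leaves the packet untouched, a diverted connection shows the
    original destination (e.g. fc00::1 port 4000 in the post's test) as its
    local address instead of the address the listener was bound to.
    """
    conn, peer = srv.accept()
    with conn:
        bound = srv.getsockname()[:2]
        local = conn.getsockname()[:2]
        return {
            "listener": bound,          # where the service was bound
            "local": local,             # what the client actually addressed
            "peer": peer[:2],           # client address and port
            "diverted": local != bound  # True when a fwd rule delivered it
        }


if __name__ == "__main__":
    with make_listener() as srv:
        info = describe_next_connection(srv)
        print("listener bound to :", info["listener"])
        print("client addressed  :", info["local"])
        print("client            :", info["peer"])
        if info["diverted"]:
            print("delivered by a fwd rule; a loopback bind alone did not "
                  "keep this service local")
```

Logging the accepted socket's local address is a quick way to see which connections arrived through a fwd rule, which matters when a service was bound to loopback on the assumption that it is unreachable from other hosts.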