Using 'rdr' on outbound connections
Brian Candler
B.Candler at pobox.com
Thu Sep 15 05:33:44 PDT 2005
On Thu, Sep 15, 2005 at 01:16:19PM +0100, Greg Hennessy wrote:
> It could do,
>
> Make the 1st line of the policy
>
> block log all
>
>
> And see what it catches.
/etc/pf.conf now:
rdr pass proto tcp from any to any port 25 -> 127.0.0.1 port 25
rdr pass on lo0 proto tcp from any to any port 25 -> 127.0.0.1 port 25
rdr pass on fxp0 proto tcp from any to any port 25 -> 127.0.0.1 port 25
block log all
Not surprisingly, it blackholes everything.
# telnet -N 147.28.0.39 25
Trying 147.28.0.39...
telnet: connect to address 147.28.0.39: Operation not permitted
telnet: Unable to connect to remote host
# tcpdump -r /var/log/pflog
just shows:
13:26:09.426570 IP bloodhound.noc.clara.net.57393 > rip.psg.com.smtp: S 360892497:360892497(0) win 65535 <mss 1460,nop,nop,sackOK,nop,wscale1,nop,nop,timestamp 9750257 0>
(that's it; no RST, no ICMP ADMIN-PROHIBITED)
I'm coming to the conclusion that 'rdr' acts on an "inbound" interface, i.e.
packets arriving at the kernel, and locally-originated packets don't match
any interface; or something like that.
But I was hoping there would be someone on the list who has a reasonably
deep knowledge of the 'pf' code and could explain whether what I want to do
is not possible, or if it is, how to do it.
Thanks,
Brian.
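As an added illustration (not from the original thread) of the conclusion drawn above: rdr is evaluated only on packets arriving inbound on an interface, so a connection originated on the host itself never hits any of the three rdr lines in the quoted pf.conf. The route-to line is my assumption of a workaround, not something the post confirms: it is meant to re-inject the locally generated packet via lo0 so that an inbound rdr on lo0 can match it. fxp0 is the interface named in the post; everything else is a placeholder.

```pf
# Assumed: fxp0 is the external interface, as in the post.
ext_if = "fxp0"

# rdr only sees packets that arrive *inbound* on an interface. A connection
# originated on this host is never inbound on fxp0, so this rule matches
# SMTP connections coming from other hosts only.
rdr pass on $ext_if proto tcp from any to any port 25 -> 127.0.0.1 port 25

# Same rule on lo0: it can only match if a packet actually arrives on lo0,
# which a normal locally originated packet to a remote address never does.
rdr pass on lo0 proto tcp from any to any port 25 -> 127.0.0.1 port 25

# Logging default deny first: pf uses last-match, so putting this at the
# end (as in the post) blocks everything. Inspect drops with:
#   tcpdump -n -e -ttt -r /var/log/pflog
block log all

# Loopback traffic is normally allowed unconditionally.
pass quick on lo0 all

# Assumed workaround: route-to re-injects the outbound SMTP packet through
# lo0, so it becomes inbound on lo0 and the rdr on lo0 above can apply.
pass out on $ext_if route-to (lo0 127.0.0.1) proto tcp from any to any port 25
```

Load with `pfctl -f /etc/pf.conf` and re-run the telnet test from the post to confirm whether the lo0 rdr now creates state (`pfctl -ss`).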