Can pf simultaneously redirect to multiple, internal hosts?
Peter Jeremy
peter at rulingia.com
Fri May 13 02:47:56 UTC 2016
On 2016-May-12 11:09:57 -0700, J Green <corpengineer at gmail.com> wrote:
>Can pf simultaneously redirect to multiple, internal hosts?
>
>Source -> UDP traffic -> pf (redirection) -> Host1
>                                          -> Host2
>                                          -> Host3

I think the answer is "no" but your question is slightly ambiguous. I
believe there are 3 possible scenarios:

1) Traffic arrives addressed to a single UDP port at a single address and
you want to replicate each incoming packet to multiple hosts: I think
this is what you are trying to do and this isn't possible with pf. You
could have a look at ng_tee(3) and if that doesn't do what you want, you
will need to write a tool to do the replication - the easiest way is
probably a proxy that recvfrom(2)'s the packets and then transmits
multiple copies to the destination hosts. If you want to retain the
original src address, you will need to use raw sockets, divert(4) or
tap(4) to allow you to "forge" the src address on the outgoing packets.

2) Traffic arrives addressed to multiple UDP ports at a single address and
you want the traffic redirected to different hosts depending on the port.
The pf 'rdr' command does this.

3) Traffic arrives addressed to several addresses and you want the traffic
redirected to different hosts depending on the address. The pf 'binat'
command does this.

--
Peter Jeremy
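
The userland proxy suggested for scenario 1, as an added example that is not part of the original message: one recvfrom(2) followed by one sendto(2) per destination. The names bind_lo, replicate_once and demo_loopback are hypothetical, and three loopback sockets stand in for Host1..Host3; the copies carry the proxy's own source address, not the original sender's.

```c
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Demo helper: UDP socket on 127.0.0.1, ephemeral port; *a receives the address. */
static int bind_lo(struct sockaddr_in *a) {
    socklen_t len = sizeof(*a);
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    *a = (struct sockaddr_in){.sin_family = AF_INET,
                              .sin_addr.s_addr = htonl(INADDR_LOOPBACK)};
    return (bind(fd, (struct sockaddr *)a, len) < 0 ||
            getsockname(fd, (struct sockaddr *)a, &len) < 0) ? -1 : fd;
}

/* Receive one datagram on in_fd and send a copy from out_fd to each of n hosts.
 * Returns the number of complete copies sent, or -1 if recvfrom(2) failed. */
int replicate_once(int in_fd, int out_fd, const struct sockaddr_in *dst, int n) {
    char buf[65535]; /* no UDP payload is larger than this */
    ssize_t got = recvfrom(in_fd, buf, sizeof(buf), 0, NULL, NULL);
    int sent = 0;
    for (int i = 0; got >= 0 && i < n; i++) /* a failed host does not stop the rest */
        if (sendto(out_fd, buf, (size_t)got, 0, (const struct sockaddr *)&dst[i],
                   sizeof(dst[i])) == got)
            sent++;
    return got < 0 ? -1 : sent;
}

/* Constructed loopback demo: returns how many receivers got an identical copy. */
int demo_loopback(void) {
    const char msg[] = "constructed test datagram";
    struct sockaddr_in lis, dst[3];
    char buf[64];
    int rx[3], ok = 0, in_fd = bind_lo(&lis), tx = socket(AF_INET, SOCK_DGRAM, 0);
    for (int i = 0; i < 3; i++)
        rx[i] = bind_lo(&dst[i]);
    if (sendto(tx, msg, sizeof(msg), 0, (struct sockaddr *)&lis, sizeof(lis)) > 0 &&
        replicate_once(in_fd, in_fd, dst, 3) == 3)
        for (int i = 0; i < 3; i++)
            ok += recv(rx[i], buf, sizeof(buf), 0) == (ssize_t)sizeof(msg) &&
                  memcmp(buf, msg, sizeof(msg)) == 0;
    for (int i = 0; i < 3; i++)
        close(rx[i]);
    close(in_fd);
    close(tx);
    return ok;
}

int main(void) { return demo_loopback() == 3 ? 0 : 1; }
```

A long-running proxy would call replicate_once() in a loop on a socket bound to the service port; the return value shows when a destination is not being reached.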