Sorry for not being more concise. Yes, I am looking at scenario number 1. Reading up on ng_tee, looks interesting. Thank you for the recommendation.
On Thu, May 12, 2016 at 7:47 PM, Peter Jeremy <[email protected]> wrote:
> On 2016-May-12 11:09:57 -0700, J Green <[email protected]> wrote:
> >Can pf simultaneously redirect to multiple, internal hosts?
> >
> >Source -> UDP traffic -> pf (redirection) -> Host1
> >                                          -> Host2
> >                                          -> Host3
>
> I think the answer is "no" but your question is slightly ambiguous. I
> believe there are 3 possible scenarios:
>
> 1) Traffic arrives addressed to a single UDP port at a single address and
> you want to replicate each incoming packet to multiple hosts: I think
> this is what you are trying to do and this isn't possible with pf. You
> could have a look at ng_tee(3) and if that doesn't do what you want, you
> will need to write a tool to do the replication - the easiest way is
> probably a proxy that recvfrom(2)'s the packets and then transmits
> multiple copies to the destination hosts. If you want to retain the
> original src address, you will need to use raw sockets, divert(4) or
> tap(4) to allow you to "forge" the src address on the outgoing packets.
>
> 2) Traffic arrives addressed to multiple UDP ports at a single address and
> you want the traffic redirected to different hosts depending on the port.
> The pf 'rdr' command does this.
>
> 3) Traffic arrives addressed to several addresses and you want the traffic
> redirected to different hosts depending on the address. The pf 'binat'
> command does this.
>
> --
> Peter Jeremy
>
_______________________________________________
[email protected] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "[email protected]"
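
The proxy approach from scenario 1 of the quoted reply (recvfrom(2) each datagram, then transmit a copy to every destination host), as an added example that is not code from the thread or from FreeBSD. The helper names `udp_bind` and `replicate_once` are hypothetical, and the copies leave with the proxy's own source address, so this does not cover the raw-socket/divert(4) case that preserves the original source.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Bind a UDP socket to ip:port (port 0 = kernel picks one). The address
 * actually bound is written to *out. Returns the fd, or -1 on error. */
int udp_bind(const char *ip, unsigned short port, struct sockaddr_in *out)
{
    socklen_t len = sizeof(*out);
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0)
        return -1;
    memset(out, 0, sizeof(*out));
    out->sin_family = AF_INET;
    out->sin_port = htons(port);
    if (inet_pton(AF_INET, ip, &out->sin_addr) != 1 ||
        bind(fd, (struct sockaddr *)out, sizeof(*out)) < 0 ||
        getsockname(fd, (struct sockaddr *)out, &len) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Receive one datagram on fd and send a copy to each of the n dests.
 * Copies carry the proxy's own source address; the original sender is
 * only reported through *src. Returns copies sent, -1 on receive error. */
int replicate_once(int fd, const struct sockaddr_in *dests, size_t n,
                   struct sockaddr_in *src)
{
    unsigned char buf[65535];          /* large enough for any UDP payload */
    socklen_t slen = sizeof(*src);
    int sent = 0;
    ssize_t got = recvfrom(fd, buf, sizeof(buf), 0,
                           (struct sockaddr *)src, &slen);
    if (got < 0)
        return -1;
    for (size_t i = 0; i < n; i++) {
        const struct sockaddr *to = (const struct sockaddr *)&dests[i];
        if (sendto(fd, buf, (size_t)got, 0, to, sizeof(dests[i])) == got)
            sent++;
    }
    return sent;
}
```

Called in a loop, `replicate_once` forwards every datagram that reaches the listening socket; keep the proxy's own listening address out of `dests`, or each copy is received and replicated again.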
