Hello, it's probably PEBKAC, but I'm lost as to where the problem is.
I'm trying to redirect specific outgoing traffic to a local port; it doesn't work if 'set skip on lo' is used. I'm using the i386 snapshot from Feb 11. Any idea? Thank you.

jirib

** pf rules:

set skip on lo
pass # to establish keep-state
pass out log(matches) quick inet proto tcp from any to 89.176.141.250 port = www rdr-to 127.0.0.1 port 8080
block in log on ! lo0 proto tcp to port 6000:6010

** pfctl -vv -sr:

@0 pass all flags S/SA keep state
  [ Evaluations: 1353 Packets: 16 Bytes: 448 States: 1 ]
  [ Inserted: uid 0 pid 4256 State Creations: 8 ]
@1 pass out log (matches) quick inet proto tcp from any to 89.176.141.250 port = www flags S/SA keep state rdr-to 127.0.0.1 port 8080
  [ Evaluations: 1353 Packets: 5 Bytes: 320 States: 0 ]
  [ Inserted: uid 0 pid 4256 State Creations: 2 ]
@2 block drop in log on ! lo0 proto tcp from any to any port 6000:6010
  [ Evaluations: 1343 Packets: 0 Bytes: 0 States: 0 ]
  [ Inserted: uid 0 pid 4256 State Creations: 0 ]

** tcpdump on pflog0:

Feb 24 12:15:48.042222 rule 1/(match) [uid 0, pid 4256] pass out on iwn0: [orig src 192.168.254.100:40695, dst 89.176.141.250:80] 192.168.254.100.40695 > 127.0.0.1.8080: S 3088363469:3088363469(0) win 16384 <mss 1460,nop,nop,sackOK,nop,wscale 3,nop,nop,timestamp 149797819[|tcp]> (DF) [tos 0x10] (ttl 64, id 50505, len 64, bad cksum 68bd! differs by ce92)

** tcpdump on lo0:

12:15:48.042235 192.168.254.100.40695 > 127.0.0.1.8080: S 3088363469:3088363469(0) win 16384 <mss 1460,nop,nop,sackOK,nop,wscale 3,nop,nop,timestamp 149797819 0> (DF) [tos 0x10]
12:15:48.042246 127.0.0.1.8080 > 192.168.254.100.40695: S 26525521:26525521(0) ack 3088363470 win 16384 <mss 33160,nop,nop,sackOK,nop,wscale 3,nop,nop,timestamp 2966326995 149797819> (DF)
12:15:48.042252 192.168.254.100.40695 > 127.0.0.1.8080: R 3088363470:3088363470(0) win 0 (DF)