2012/7/9 Stuart Henderson <s...@spacehopper.org>
> On 2012-07-09, Fil DiNoto <fdin...@gmail.com> wrote:
> > I am trying to achieve something I thought would be simple, but
> > haven't had any luck.
> >
> >
> > I have an OpenBSD 5.0 router/firewall with public IP X.X.X.A
> >
> > Behind it are a mix of OpenBSD and Linux systems, all with public IP. NO NAT.
> >
> > I run ssh on an alternate port, XXX22. However, from a certain
> > location I am dealing with a firewall that will not allow outbound
> > connections on XXX22, only on 22.
> >
> > I have already set up a rule like this, and it works:
> >
> > pass in on egress proto tcp from $location1 to any port ssh rdr-to X.X.X.A port XXX22
> >
> > But I was wondering if I could achieve something that would work for
> > ALL the addresses behind the router as well without creating
> > individual rules for each address. Something like this:
> >
> > pass in on egress proto tcp from $location1 to any port ssh rdr-to (original destination IP) port XXX22
> >
> >
>
> nope. easiest option for this is probably a userland proxy.
> not sure but I reckon relayd can probably do it.
>
>
Not sure either, but I would try to use divert(4).