Hi Brian

On Tue, 27 Oct 2020 at 23:07, Brian Brombacher <br...@planetunix.net> wrote:
>
> I wonder if multiple ports, 5053, 5153 (and so on) redirected using pf rdr-to 
> rules may work?  That way you can set up rules like first IP + port 53
> redirect to 5053, second IP + 53 redirect to 5153?
>
> May be worth a shot trying.  Not an answer to your question, but as a 
> workaround for others.

I just tried that, with rdr-to for inbound and nat-to for outbound. It
could work indeed, but I did not manage to make it work properly.

match in quick on $wan proto udp from any to $vpnip port 53 rdr-to self port 24854 rtable 1
match out quick on $wan proto udp from $vpnip to any port 24854 nat-to $vpnip port 53 rtable 1

Anyhow this is unfortunately painful. This means that any port shown
on 'ifconfig wg' has to be mentally merged with pf rules, and while
this could technically work, this is difficult to troubleshoot :(
