On 2025-04-18, TSS <t...@mg-1.uk> wrote:
> Hi again. I hope it's not unwelcome to ask a pf question here; I hope
> this one isn't too elementary.
>
> I have a daemon that sends and receives UDP packets on port 1337. For
> reasons, I would like to use pf on my computer (i.e. the one that's
> running the daemon) to take the daemon's outbound UDP packets, which it's
> emitting from port 1337, and actually send them out to the internet as
> if they're coming from port 31337. Also, I'd like UDP packets coming in
> to port 31337 to be received by the daemon, which is listening for them
> on port 1337. In ASCII art, that's:
>
>                                .     .      |
> +-------+                 o  *  .  ~    *   |
> |  my   |--> UDP 1337 --> %  .  pf   :  . --|--> UDP 31337 --> clouds
> |special|                 +  .  magic   +   |                   and
> |daemon |<-- UDP 1337 <-- *  _  ,    +   <--|--- UDP 31337 <-- stuff
> +-------+                 +  *  o  .   ~    |

    match out proto udp to 1.1.1.1 port 1337 nat-to <your ip> port 31337

However: I don't think it's all that likely to help, I'd expect your
upstream nat to have already changed the source port...

Also: I don't remember what happens if there's an active PF state
already using this port - maybe the nat will be ignored, maybe the packet
will be dropped.

> If not pf, maybe relayd would work? I worry that its extra layer of
> indirection might be slow, and I'd like this process to be as fast as it
> can be.

relayd doesn't do much with udp.

-- 
Please keep replies on the mailing list.
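
Added example, not part of the original message or written by either poster: a pf.conf fragment covering both directions in the diagram, with nat-to for the daemon's outbound packets and rdr-to for unsolicited inbound ones. The address 192.0.2.10 is a constructed placeholder for the machine's own address, the macro names are hypothetical, and the use of the egress interface group and of pass rules (rather than match) are assumptions of this sketch.

```pf
# Constructed placeholder values; replace ext_ip with this host's address.
ext_ip      = "192.0.2.10"
daemon_port = "1337"     # port the daemon binds to
public_port = "31337"    # port the outside world should see

# Outbound: packets the daemon emits from port 1337 leave the egress
# interface with source port 31337. The state created here also maps
# replies to 31337 back to 1337.
pass out on egress inet proto udp \
    from $ext_ip port $daemon_port to any \
    nat-to $ext_ip port $public_port

# Inbound: packets that arrive on port 31337 without a matching outbound
# state are redirected to the daemon's listening port 1337.
pass in on egress inet proto udp \
    from any to $ext_ip port $public_port \
    rdr-to $ext_ip port $daemon_port
```

After loading the rules, `pfctl -ss` shows whether states are being created with the translated port, and `tcpdump` on the egress interface shows the source port actually leaving the host.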