On Sat, Aug 28, 2010 at 11:08:10PM +0200, Jean-Francois wrote: > Good evening, > > Is it possible to redirect to an IF or at least an IP range such as following > rules ? > > match in on $ext_if proto tcp from any to any port 1024:32768 \ > rdr-to $int_if
Since all of the manpages use IP addresses, I'm guessing not; you're likely to be able to get the same effect with using the IP of the interface intstead of its name. Unless you're mistaken on what rdr-to does, as this isn't the first time someone appears to have been under the impression that rdr-to sort of just "poured" the traffic onto another network. > > match in on $ext_if proto tcp from any to any port 1024:32768 \ > rdr-to 192.168.100.0/16 > rdr-to won't do this, but dup-to may do what you're looking for; however, it's much more likely that you need to read the section on tables in the pf.conf man page. > I am not sure it even makes sense in regard of a redirection in a network > topology but I'll try the question, since it can help to understand. > > I am thinking the probability is very high that a redirection of above kind > needs to copy as many times the packets as wide as the range of ip is. Yes, hence the "duplicate" root for "dup-to". > > Thanks to help me to understand this point. > > Jean-Frangois
