On Thu, Sep 15, 2005 at 02:55:54PM +0100, Greg Hennessy wrote:
> > here: http://mniam.net/pf/pf.png To work around this you can
> > install a route-to rule to loop the packet:
> >
> > pass out route-to (lo0 127.0.0.1) proto tcp from any to any port 25
Works nicely:
rdr pass proto tcp from
> here: http://mniam.net/pf/pf.png To work around this you can
> install a route-to rule to loop the packet:
>
> pass out route-to (lo0 127.0.0.1) proto tcp from any to any port 25
>
> This will re-loop the packet, pf will see it as inbound and
> thus apply the redirection.
Ahh! Every day a
Hello, Brain!
> I'm coming to the conclusion that 'rdr' acts on an "inbound" interface, i.e.
> packets arriving at the kernel, and locally-originated packets don't match
> any interface; or something like that.
>
> But I was hoping there would be someone on the list who has a reasonably
> deep kn
On Thursday 15 September 2005 14:36, Brian Candler wrote:
> On Thu, Sep 15, 2005 at 01:16:19PM +0100, Greg Hennessy wrote:
> > It could do,
> >
> > Make the 1st line of the policy
> >
> > block log all
> >
> >
> > And see what it catches.
>
> /etc/pf.conf now:
> rdr pass proto tcp from any to any p
> Not surprisingly, it blackholes everything.
The joys of a default deny.
Add a
pass all on lo0 keep state
Just keep things listening there sweet.
>
> # telnet -N 147.28.0.39 25
> Trying 147.28.0.39...
> telnet: connect to address 147.28.0.39: Operation not permitted
> telnet: Unable to
On Thu, Sep 15, 2005 at 01:16:19PM +0100, Greg Hennessy wrote:
> It could do,
>
> Make the 1st line of the policy
>
> block log all
>
>
> And see what it catches.
/etc/pf.conf now:
rdr pass proto tcp from any to any port 25 -> 127.0.0.1 port 25
rdr pass on lo0 proto tcp from any to any port
>
> I tried 'rdr' by itself originally, yes. There is no extra
> policy at all in this ruleset; that's my entire /etc/pf.conf.
> Since filter policy defaults to 'pass', then it shouldn't
> make any difference, should it?
It could do,
Make the 1st line of the policy
block log all
And see
On Thu, Sep 15, 2005 at 12:39:18PM +0100, Greg Hennessy wrote:
>
> > rdr pass proto tcp from any to any port 25 -> 127.0.0.1 port 25
> > rdr pass on lo0 proto tcp from any to any port 25 -> 127.0.0.1 port 25
> > rdr pass on fxp0 proto tcp from any to any port 25 -> 127.0.0.1 port 25
>
> H
> rdr pass proto tcp from any to any port 25 -> 127.0.0.1 port 25
> rdr pass on lo0 proto tcp from any to any port 25 -> 127.0.0.1 port 25
> rdr pass on fxp0 proto tcp from any to any port 25 -> 127.0.0.1 port 25
Have you tried rdr on its own combined with an explicit pass rule in your
poli
On Thu, Sep 15, 2005 at 11:42:18AM +0100, Greg Hennessy wrote:
> Try tying that rdr to the inside interface.
Well, there isn't an "inside" interface as such. This machine has one
interface, fxp0, and I'm talking about connections originating from the
local machine to the outside world. (The appli
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Brian Candler
> Sent: 15 September 2005 11:15
> To: freebsd-pf@freebsd.org
> Subject: Using 'rdr' on outbound connections
>
> Hello,
>
> I would like
Hello,
I would like to use pf to trap all locally-originated outbound connections
to port 25 on any remote host, and redirect them to a local mailserver.
I tried:
rdr pass proto tcp from any to any port 25 -> 127.0.0.1 port 25
but it doesn't seem to work (i.e. 'telnet mail.foo.com 25' conne
12 matches