On Thu, Sep 15, 2005 at 02:55:54PM +0100, Greg Hennessy wrote:
> > here: http://mniam.net/pf/pf.png  To work around this you can 
> > install a route-to rule to loop the packet:
> > 
> > pass out route-to (lo0 127.0.0.1) proto tcp from any to any port 25

Works nicely:

    rdr pass proto tcp from any to any port 25 -> 127.0.0.1 port 25
    pass out route-to (lo0 127.0.0.1) proto tcp from any to any port 25 user != mailnull

redirects the traffic. But as you say, the ident information is then lost
(ERROR : NO-USER). It looks very strange on a tcpdump, seeing ident packets
going from 127.0.0.1 to a real IP address and back again :-)

But with the magic of oidentd:

    # /usr/local/sbin/oidentd -P 127.0.0.1 -u nobody -g nogroup

and hey presto it works. Many thanks!

Regards,

Brian.
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf