Hi! I have a system where my daemon is running on a public IP on a high port (so that it does not need root privileges, and it is bound to a public IP as it runs in a jail) and I would like to translate it to a lower port. I would like that just this lower port is publicly accessible. This can be done with:

rdr pass on $int_untrust proto tcp from any to $addr_svc port $svc_ext -> $addr_svc port $svc_int

This makes only the $svc_ext port accessible, as the $svc_int port is closed (not opened) for traffic. But I would like to assign this traffic to a queue and thus I cannot use the pass option. I wanted to create a rdr rule without the pass option and a separate pass rule later on. But the problem is that, as far as I understand, pass rules are applied after rdr, so I can set them only on the internal port (to which I am translating the public port). But then the question is how can I open this internal port so that it is not opened to the public, only to traffic coming through a rdr rule? Is there a general way one can transcribe the rdr pass option to a pass rule which would behave in the same way as rdr pass?

Mitar
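One way to express this in pf.conf, as an added example that is not part of the original post: keep the rdr rule without pass, tag the translated connections, and let a separate pass rule match only on that tag so it can also assign a queue. The interface name, address, ports, tag name SVC_RDR and queue names are assumed here; the macro names follow the post.

```pf
# Added example, not from the original post. Values below are constructed.
int_untrust = "em0"
addr_svc    = "192.0.2.10"   # public IP of the jail
svc_ext     = "80"           # low port that should be reachable
svc_int     = "8080"         # high port the daemon actually listens on

# Queues: the redirected service gets its own child queue (names assumed).
altq on $int_untrust cbq bandwidth 10Mb queue { q_default, q_svc }
queue q_default bandwidth 8Mb cbq(default)
queue q_svc     bandwidth 2Mb

# Translate but do not pass; instead mark the packet with a tag.
rdr on $int_untrust proto tcp from any to $addr_svc port $svc_ext tag SVC_RDR \
    -> $addr_svc port $svc_int

# Filtering runs after translation, so the pass rule sees $svc_int.
# "tagged" limits it to packets that went through the rdr above; a
# connection sent straight to $svc_int carries no tag and is blocked.
block in on $int_untrust
pass in quick on $int_untrust proto tcp from any to $addr_svc port $svc_int \
    tagged SVC_RDR flags S/SA keep state queue q_svc
```

Check the result with `pfctl -sn` and `pfctl -sr` to confirm the tag appears on both rules, then test a direct connection to $svc_int from outside to verify it is dropped while the $svc_ext port still works.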
