On 2017-06-06, Marko Cupać <marko.cu...@mimar.rs> wrote:
> Hi,
>
> For a few years I have been running nc from inetd together with pf
> redirect rules to reach LAN servers via their public IP addresses from
> LAN:
>
> # cat /etc/inetd.conf
> 127.0.0.1:20080 stream tcp nowait proxy /usr/bin/nc nc -w 20 PR.IV.AT.E 80
> 127.0.0.1:20443 stream tcp nowait proxy /usr/bin/nc nc -w 20 PR.IV.AT.E 443
>
> Now that proxy user is gone in 6.1, what would be an appropriate account to
> run nc under? Is nobody OK? Something else?
>
> Or is there a better way to accomplish this?

There's no need to do this in userland; a combination of nat-to and rdr-to works fine for this. Check faq/pf/rdr.html if you need hints.
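
The nat-to plus rdr-to combination suggested in the reply, sketched as a pf.conf fragment. This is an added example, not part of the original thread. The interface name, LAN subnet and server address are constructed placeholders, with `$server` standing in for PR.IV.AT.E.

```pf
# Added example, not from the thread. Interface name and addresses below
# are constructed placeholders; substitute your own.
int_if  = "em1"              # LAN-facing interface (assumed name)
int_net = "192.168.1.0/24"   # LAN subnet (constructed)
server  = "192.168.1.10"     # internal web server, stands in for PR.IV.AT.E

# LAN clients that connect to the firewall's public address on 80/443
# are redirected in-kernel to the internal server.
pass in on $int_if inet proto tcp from $int_net to egress \
    port { 80 443 } rdr-to $server

# The redirected connection goes back out the interface it arrived on.
# Rewrite its source to the firewall's LAN address so the server replies
# through the firewall; without this the server answers the client
# directly and the client drops the reply as coming from the wrong address.
pass out on $int_if inet proto tcp to $server port { 80 443 } \
    received-on $int_if nat-to $int_if
```

With rules like these the nc entries in /etc/inetd.conf are no longer needed, so no service account has to be chosen for them. `pfctl -nf /etc/pf.conf` parses the ruleset without loading it.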