Hello!
First of all I must say it is a theoretical question, i.e. I do not have
anything practical undone because of it, but to better understand the way
of pf I would like to ask it, and I would appreciate it very much if
somebody could shed light on this.
I am accustomed to using rdr when I need to rewrite incoming packets' dst
address/port; and I am accustomed to using nat when I need to rewrite
outgoing packets' src addresses.
But let's say I would like to rewrite locally originated packets' dst
address/port, could it be done with pf without extra hacking?
(I think this could be done for example with the help of routing packets
out of the system and back in and rewriting on incoming interface
packets' dst addresses/ports.) I haven't specifically played with nat
but I guess the case is similar there.
man pf.conf says (stressing underlines are mine):
----------
Evaluation order of the translation rules is dependent on the type of
the translation rules and of the direction of a packet. binat rules are
always evaluated first. Then either the rdr rules are evaluated on an
_inbound_ packet or the nat rules on an _outbound_ packet. Rules of the
same type are evaluated in the same order in which they appear in the
ruleset. The first matching rule decides what action is taken.
-----------
So I take it it's not directly meant to be done with pf? I searched the
misc@ archives and found some questions along similar lines, but their
accent was on accomplishing something more practical than in my case :)
And to make it clear my question is not carried with an intent to
undermine pf's possibilities!
Imre
PS And thanks for the superb software!