Danix <[email protected]> writes:
> To put it short:
>
> # grep 6789 /etc/pf.conf
> pass in on vic0 proto tcp from any to vic0 port 6789 rdr-to { 1.2.3.4,
> 1.2.3.5, 1.2.3.7 } round-robin
>
> # pfctl -sr | grep 6789
> pass in on vic0 inet proto tcp from any to 192.168.1.28 port = 6789
> flags S/SA keep state rdr-to <__automatic_b107482c_0> round-robin
>
> Redirection works but pfctl(8) fails to correctly display the
> redirection pool. This issue shows up only when the redirection pool
> has multiple addresses and is not a table.

This is, I think, the expected behavior. The ruleset optimizer turns
your list of addresses into a table. You could try disabling the
ruleset optimizer to see if it makes a difference, but at least on my
-current box here it doesn't seem to matter:

pe...@skapet:~$ cat danix
pass in on xl0 proto tcp from any to xl0 port 6789 rdr-to { 1.2.3.4, 1.2.3.5, 1.2.3.7 } round-robin
pe...@skapet:~$ sudo pfctl -vnf danix
table <__automatic_0> const { 1.2.3.4 1.2.3.5 1.2.3.7 }
table <__automatic_1> const { 1.2.3.4 1.2.3.5 1.2.3.7 }
pass in on xl0 inet proto tcp from any to 213.187.179.198 port = 6789 flags S/SA keep state rdr-to <__automatic_0> round-robin
pe...@skapet:~$ sudo pfctl -o none -vnf danix
table <__automatic_0> const { 1.2.3.4 1.2.3.5 1.2.3.7 }
table <__automatic_1> const { 1.2.3.4 1.2.3.5 1.2.3.7 }
pass in on xl0 inet proto tcp from any to 213.187.179.198 port = 6789 flags S/SA keep state rdr-to <__automatic_0> round-robin

--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
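
Added example, not part of either message in this thread: when reviewing a ruleset, the `<__automatic_N>` references in `pfctl -vnf` output can be substituted back with the address lists from the `table` lines printed above the rules. The function names are hypothetical, the sample input is the output quoted in the thread with one rule per line, and the filter assumes each table definition appears before the rule that uses it.

```sh
#!/bin/sh
# Added example (not from the thread); function names are hypothetical.

# Constructed sample: the `pfctl -vnf` output quoted in the thread,
# with the rule on a single line as pfctl prints it.
sample_pfctl_output() {
    cat <<'EOF'
table <__automatic_0> const { 1.2.3.4 1.2.3.5 1.2.3.7 }
table <__automatic_1> const { 1.2.3.4 1.2.3.5 1.2.3.7 }
pass in on xl0 inet proto tcp from any to 213.187.179.198 port = 6789 flags S/SA keep state rdr-to <__automatic_0> round-robin
EOF
}

# Reads `pfctl -vnf <file>` output on stdin. Table definition lines are
# remembered and dropped; every other line is printed with each known
# <table> reference replaced by "{ addr, addr, ... }".
expand_pf_tables() {
    awk '
    /^table <[^>]+>/ {
        name = $2                          # e.g. <__automatic_0>
        body = $0
        sub(/^[^{]*[{][ \t]*/, "", body)   # strip up to and including "{"
        sub(/[ \t]*[}].*$/, "", body)      # strip "}" and what follows
        gsub(/[ \t]+/, ", ", body)         # back to pf.conf list syntax
        tables[name] = "{ " body " }"
        next
    }
    {
        out = ""
        rest = $0
        while (match(rest, /<[^>]+>/)) {
            tok = substr(rest, RSTART, RLENGTH)
            # Tables not defined in this output (persistent or
            # file-backed ones) are left as they are.
            if (tok in tables) tok = tables[tok]
            out = out substr(rest, 1, RSTART - 1) tok
            rest = substr(rest, RSTART + RLENGTH)
        }
        print out rest
    }'
}

# Typical use would be: pfctl -vnf /etc/pf.conf | expand_pf_tables
sample_pfctl_output | expand_pf_tables
```

This only works on `pfctl -vnf` output, which prints the table definitions alongside the rules; the `pfctl -sr` output in the original report shows the reference alone.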