It is possible to "NAT" connections from one rdomain to another with pf.
The problem is that this "NAT" is not visible in DIOCNATLOOK lookups. This
causes ftp-proxy to fail handling connections that cross domains.
Adding the incoming rdomain is not a big deal and will allow ftp-proxy
and other proxies to work across domains.
OK?
--
:wq Claudio
Index: pf_ioctl.c
===================================================================
RCS file: /cvs/src/sys/net/pf_ioctl.c,v
retrieving revision 1.236
diff -u -p -r1.236 pf_ioctl.c
--- pf_ioctl.c 15 Dec 2010 14:22:25 -0000 1.236
+++ pf_ioctl.c 24 Mar 2011 17:18:03 -0000
@@ -1511,6 +1511,7 @@ pfioctl(dev_t dev, u_long cmd, caddr_t a
pnl->rsport = sk->port[sidx];
PF_ACPY(&pnl->rdaddr, &sk->addr[didx], sk->af);
pnl->rdport = sk->port[didx];
+ pnl->rrdomain = sk->rdomain;
} else
error = ENOENT;
}
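Review bot: the new `pnl->rrdomain = sk->rdomain;` sits correctly in the state-found branch, but nothing explains how it relates to the existing `pnl->rdomain`; a short comment along the lines of `/* rdomain on the translated side, mirrors rsaddr/rdaddr */` would help, and the DIOCNATLOOK description in pf(4) should mention the new field and that it is only filled in on success (the ENOENT path leaves it untouched).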
Index: pfvar.h
===================================================================
RCS file: /cvs/src/sys/net/pfvar.h,v
retrieving revision 1.322
diff -u -p -r1.322 pfvar.h
--- pfvar.h 7 Mar 2011 23:30:19 -0000 1.322
+++ pfvar.h 24 Mar 2011 16:03:57 -0000
@@ -1470,6 +1470,7 @@ struct pfioc_natlook {
struct pf_addr rsaddr;
struct pf_addr rdaddr;
u_int16_t rdomain;
+ u_int16_t rrdomain;
u_int16_t sport;
u_int16_t dport;
u_int16_t rsport;
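Review bot: adding `u_int16_t rrdomain;` grows struct pfioc_natlook, so userland built against the old header passes a different-sized structure to DIOCNATLOOK; kernel, ftp-proxy and any other DIOCNATLOOK users should be updated in the same step and the commit message should say so. The name follows the existing `rsaddr`/`rdaddr`/`rsport` convention and the placement next to `rdomain` is consistent; a brief comment on the two `rdomain` fields in the struct would save the next reader a trip to pf_ioctl.c.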