Current-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Hair pinning with pf and NetBSD

I have a similar problem I'm trying to solve with ipf on Solaris, so
it's a little off topic for this list, but essentially we're wanting to
be able to have our applications configured for some (possibly fake) IP
a.b.c.d and then use NAT on the same host to redirect these connections
to remote hosts w.x.y.z or i.j.k.l depending on which is up at the time

In concept this is reasonably easy to say, however for ipf at least it
doesn't seem to deal with host-originated connections as these don't
appear to enter the network stack at the appropriate point to be
filtered properly ... connections that traverse the host appear to be
NATted fine.

Has anyone had a similar issue they wanted to solve in this manner?  How
would this be done with either ipf or pf?

The annoyance here is that w.x.y.z and i.j.k.l are on the same network
as the application host which also makes routing problematic ...


(apologies to the OP for hijacking the topic, but seems to be mostly
related ... )

Malcolm Herbert                                This brain intentionally                                                left 

Home | Main Index | Thread Index | Old Index