Hi, I am trying to achieve the following:
Port forward port 49 on mpe1586 to loopback on port 49 so I can use relayd to relay to tacacs_radius server.

Config:
209.203.49.81/mpe1586 is in rdomain 1586
127.0.0.1/lo0 is in rdomain 0

In pf I have the following rule:

pass in log (all, to pflog0) quick on mpe1586 proto tcp to 209.203.49.81 port 49 rdr-to 127.0.0.1 rtable 0

Currently I am running nc to listen on port 49 so I can test but it is not connecting when testing from a different source in rdomain 1586 telnetting to port 49.

tcpdump from pflog:

Apr 04 11:47:40.055145 rule 112/(match) pass in on mpe1586: 10.0.0.241.49372 > 127.0.0.1.49: S 3008032715:3008032715(0) win 65535 <mss 9118,nop,wscale 1,nop,nop,timestamp 225760985 0,[|tcp]> (DF) [tos 0x10]
Apr 04 11:47:43.053616 rule 112/(match) pass in on mpe1586: 10.0.0.241.49372 > 209.203.49.81.49: S 3008032715:3008032715(0) win 65535 <mss 9118,nop,wscale 1,nop,nop,timestamp 225763985 0,[|tcp]> (DF) [tos 0x10]
Apr 04 11:47:46.252852 rule 112/(match) pass in on mpe1586: 10.0.0.241.49372 > 209.203.49.81.49: S 3008032715:3008032715(0) win 65535 <mss 9118,nop,wscale 1,nop,nop,timestamp 225767185 0,[|tcp]> (DF) [tos 0x10]
Apr 04 11:47:49.451958 rule 112/(match) pass in on mpe1586: 10.0.0.241.49372 > 209.203.49.81.49: S 3008032715:3008032715(0) win 65535 <mss 9118,sackOK,eol> (DF) [tos 0x10]
Apr 04 11:47:52.651194 rule 112/(match) pass in on mpe1586: 10.0.0.241.49372 > 209.203.49.81.49: S 3008032715:3008032715(0) win 65535 <mss 9118,sackOK,eol> (DF) [tos 0x10]
Apr 04 11:47:55.850429 rule 112/(match) pass in on mpe1586: 10.0.0.241.49372 > 209.203.49.81.49: S 3008032715:3008032715(0) win 65535 <mss 9118,sackOK,eol> (DF) [tos 0x10]

From the documentation that I find everyone says pf does the translations between rdomains, but is there a way for me to see the translations with pflog? Or is there a better way for me to achieve port forwarding between rdomain 1586 and rdomain 0?

Regards,
Hendrik Meyburgh
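
Added example, not part of the original post: a Python sketch that groups the pflog lines quoted above by source, ports and initial sequence number, so retransmissions of one SYN and the destination addresses it was logged with stand out. The log lines are copied from the post with the TCP options trimmed; the function and variable names are illustrative.

```python
import re
from collections import defaultdict

# Copied from the pflog output in the post; TCP options after "win 65535" trimmed.
PFLOG = """\
Apr 04 11:47:40.055145 rule 112/(match) pass in on mpe1586: 10.0.0.241.49372 > 127.0.0.1.49: S 3008032715:3008032715(0) win 65535
Apr 04 11:47:43.053616 rule 112/(match) pass in on mpe1586: 10.0.0.241.49372 > 209.203.49.81.49: S 3008032715:3008032715(0) win 65535
Apr 04 11:47:46.252852 rule 112/(match) pass in on mpe1586: 10.0.0.241.49372 > 209.203.49.81.49: S 3008032715:3008032715(0) win 65535
Apr 04 11:47:49.451958 rule 112/(match) pass in on mpe1586: 10.0.0.241.49372 > 209.203.49.81.49: S 3008032715:3008032715(0) win 65535
Apr 04 11:47:52.651194 rule 112/(match) pass in on mpe1586: 10.0.0.241.49372 > 209.203.49.81.49: S 3008032715:3008032715(0) win 65535
Apr 04 11:47:55.850429 rule 112/(match) pass in on mpe1586: 10.0.0.241.49372 > 209.203.49.81.49: S 3008032715:3008032715(0) win 65535
"""

# One tcpdump-style pflog line: timestamp, rule/reason, action, interface, endpoints, flags, seq.
LINE = re.compile(
    r"^(?P<ts>\w{3} \d{2} [\d:.]+) rule (?P<rule>\d+)/\((?P<reason>\w+)\) "
    r"(?P<action>\w+) (?P<dir>in|out) on (?P<ifname>\S+): "
    r"(?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+): "
    r"(?P<flags>[SFRP.]+) (?P<seq>\d+):"
)

def summarize_syns(text):
    """Group SYN entries by (src, sport, dport, ISN); a count above 1 means retransmissions."""
    flows = defaultdict(lambda: {"count": 0, "dsts": [], "rules": set()})
    for line in text.splitlines():
        m = LINE.match(line)
        if not m or m["flags"] != "S":
            continue  # skip unparsable lines and anything that is not a bare SYN
        key = (m["src"], int(m["sport"]), int(m["dport"]), int(m["seq"]))
        flow = flows[key]
        flow["count"] += 1
        flow["rules"].add(int(m["rule"]))
        if m["dst"] not in flow["dsts"]:
            flow["dsts"].append(m["dst"])  # keep first-seen order of logged destinations
    return dict(flows)

if __name__ == "__main__":
    for (src, sport, dport, seq), flow in summarize_syns(PFLOG).items():
        print(f"{src}:{sport} -> port {dport} ISN {seq}: {flow['count']} SYNs, "
              f"logged dst {flow['dsts']}, rules {sorted(flow['rules'])}")
```

A SYN repeated with the same initial sequence number is the client retransmitting because it received no reply.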