Re: PF: Redirect SOCKS connections to another server on a different net

2023-04-24 Thread Charlie
Below comes the solution to this problem. For the explanations on why it works,
you may refer to the original answer [1].

# sysctl net.inet.ip.forwarding=1
# cat /etc/pf.conf
  ...
  pass in on re0 proto tcp from any to (re0) port 1080 rdr-to 10.64.0.1 tag nat
  pass out on wg0 proto tcp nat-to (wg0) tagged nat
  ...

[1] https://marc.info/?l=openbsd-pf&m=168215778109013&w=2

Cheers,
Charlie
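
The two rules above, narrowed so the relay is not offered to every source that can reach re0. This is an added example, not part of the thread and not the poster's configuration; the macro names and the tag name SOCKS_FWD are constructed for illustration, and the interfaces and addresses are the ones from the post.

```pf
# Added example (not from the thread). Assumes re0 is the home LAN
# interface and wg0 the VPN interface, as in the post above.
lan_if   = "re0"
vpn_if   = "wg0"
socks_ip = "10.64.0.1"

# Form posted in the thread, kept for comparison: "from any" accepts
# every source that can reach port 1080 on re0.
#
#   pass in on re0 proto tcp from any to (re0) port 1080 rdr-to 10.64.0.1 tag nat
#   pass out on wg0 proto tcp nat-to (wg0) tagged nat

# Narrowed form: only hosts on the network directly attached to re0 may
# use the redirect. The tag marks the resulting state for the NAT rule.
pass in on $lan_if inet proto tcp \
    from ($lan_if:network) to ($lan_if) port 1080 \
    rdr-to $socks_ip tag SOCKS_FWD

# Translate only tagged connections, and only when they are headed for
# the proxy address and port. After rdr-to the destination is already
# 10.64.0.1:1080, so the "to" clause matches the redirected packets.
pass out on $vpn_if inet proto tcp \
    to $socks_ip port 1080 \
    nat-to ($vpn_if) tagged SOCKS_FWD
```

`pfctl -nf /etc/pf.conf` parses the file without loading it, and `pfctl -s states` shows the translated state once a LAN client connects.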



PF: Redirect SOCKS connections to another server on a different net

2023-04-10 Thread Charlie
On an OpenBSD 7.2 system, I have access to a SOCKS proxy server
through VPN. After the VPN connection is established, any program that
supports SOCKS proxy can reach it by setting the relevant local VPN
address, 10.64.0.1, and the usual port number 1080.

I want to share the access to this proxy server on my OpenBSD machine
with other systems in my home network. So basically what I want is to
open a 1080 port on the OpenBSD server and redirect it to the local
VPN address 10.64.0.1. I have been successful in doing so with the
help of the "socat" program:

$ socat tcp-listen:1080,bind=192.168.1.10,reuseaddr,fork \
tcp:10.64.0.1:1080

I would very much like to replace the above command with pf rule(s).
All the combinations I tried with "rdr-to", "nat-to", "divert-to",
"synproxy state", etc. did not work. Could someone kindly point me in
the right direction (pun intended)?

Below is an illustration of my setup and the desired forwarding.

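     ,------- OpenBSD system --------.       VPN
     |                               |       / \
  ,--+-------------.,----------------+. .-----------.
  | re0            || wg0:             | | 10.64.0.1 |
  | 192.168.1.0/24 || 10.76.150.11/32 |-|           |
  |           :1080<====================>:1080      |
  `--+-------------'`----------------+' `-----------'
     |                               |
     `-------------------------------'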

Cheers,
Charlie