PF's DIOCNATLOOK system call cannot obtain correct return data in OpenBSD
7.3-7.5, but this call was normal before OpenBSD 7.3. I tested it on
OpenBSD 7.2 and OpenBSD 6.9 and both returned correct data.
The test code is at the end of the report (from man page of PF with a
little modification), an
Not directly answering about the change to DIOCNATLOOK (I don't know the
answer), but that's generally not recommended any more anyway - the
preferred option for transparent proxies is to use "divert-to" and then,
for TCP, getsockname(2), or for UDP, IP_RECVDSTADDR/IPV6_RECVDSTPORT
etc. In particul
Thanks for your reply. I changed the rdr-to rule in the PF rules to
divert-to,
but when I try to connect from another computer,
I get a "Connection refused" error. The following are the test steps:
1. PF test rules on the OpenBSD box with IP 192.168.11.4:
set skip on lo0
pass in quick log on em0 inet proto
It's working now; netcat must listen on lo0:
nc -kl 127.0.0.1 400
Thanks for the help!
--
xiangbo
On Sat, May 11, 2024 at 2:34 AM Stuart Henderson wrote:
> Not directly answering about the change to DIOCNATLOOK (I don't know the
> answer), but that's generally not recommended any more anyway -
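
The divert-to approach recommended in the reply above, as an added example that is not part of the thread or of OpenBSD's own code: a TCP listener bound to 127.0.0.1 that reads each client's original destination with getsockname(2) instead of DIOCNATLOOK. Port 400 is taken from the nc command in the thread; the function names are hypothetical.

```c
/* Added example: original destination of a TCP connection behind pf divert-to. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Listen on the loopback address, as the working nc invocation does.
 * Port 0 lets the kernel pick a free port (handy for local testing). */
int listen_loopback(uint16_t port)
{
    struct sockaddr_in sa = { .sin_family = AF_INET };
    int fd = socket(AF_INET, SOCK_STREAM, 0), on = 1;
    if (fd == -1) return -1;
    setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on));
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    sa.sin_port = htons(port);
    if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)) == -1 || listen(fd, 16) == -1) {
        close(fd);
        return -1;
    }
    return fd;
}

/* For a diverted connection the accepted socket's local name is the address
 * the client originally targeted, so no pf ioctl lookup is needed. */
int original_dst(int conn, char *ip, size_t iplen, uint16_t *port)
{
    struct sockaddr_in dst;
    socklen_t len = sizeof(dst);
    if (getsockname(conn, (struct sockaddr *)&dst, &len) == -1 || dst.sin_family != AF_INET) return -1;
    if (inet_ntop(AF_INET, &dst.sin_addr, ip, iplen) == NULL) return -1;
    *port = ntohs(dst.sin_port);
    return 0;
}

int main(void)
{
    char ip[INET_ADDRSTRLEN]; uint16_t port;
    int c, lfd = listen_loopback(400); /* assumed port, from the nc command; needs root */
    if (lfd == -1) { perror("listen_loopback"); return 1; }
    while ((c = accept(lfd, NULL, NULL)) != -1) {
        if (original_dst(c, ip, sizeof(ip), &port) == 0)
            printf("client originally targeted %s:%u\n", ip, port);
        close(c);
    }
    return 0;
}
```

Without a matching divert-to rule, the reported address is simply the listener's own 127.0.0.1 and port.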