On Tuesday 31 January 2006 20:54, Eduard Vopicka wrote: > My goal is to use pf to force (via NAT) different IP outgoing addresses > depending on UID and/or GID of the program establishing the connection, for > connections originating locally on machine with FreeBSD 5.4. (I do not > expect this to work for setuid/setgid programs.) Did you consider just useing jail(8) to jail the processes to the specific IP. This should be most performant and also easy to setup (depending on your configuration requirements). If you are concerned with daemons here it's a matter of perpending "jail / hostname IP" to the startup script, if you are concerned with real useres it's a bit more complicated, but there are dozens of tutorials on the web. -- /"\ Best regards, | mlaier@xxxxxxxxxxx \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | mlaier@EFnet / \ ASCII Ribbon Campaign | Against HTML Mail and News
Attachment:
pgpbtE6949Ji4.pgp
Description: PGP signature