
Re: Using pf to force different outgoing IP address depending on UNIX user/group for locally originating connection?

On Tuesday 31 January 2006 20:54, Eduard Vopicka wrote:
> My goal is to use pf to force (via NAT) different IP outgoing addresses
> depending on UID and/or GID of the program establishing the connection, for
> connections originating locally on machine with FreeBSD 5.4. (I do not
> expect this to work for setuid/setgid programs.)

Did you consider just using jail(8) to jail the processes to the specific IP?
This should be most performant and also easy to set up (depending on your
configuration requirements).  If you are concerned with daemons here, it's a
matter of prepending "jail / hostname IP" to the startup script; if you are
concerned with real users, it's a bit more complicated, but there are dozens
of tutorials on the web.

/"\  Best regards,                      | mlaier@xxxxxxxxxxx
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
