Hi --
I run OpenBSD 6.7 on my home router, which sits between my ISP and a small LAN
with a few other machines on it. I am trying to implement a ruleset that will
cause connections received from certain clients on the WAN interface of the
router to be forwarded to that port on a particular LAN machine. This rule
successfully accomplishes that:
    pass in quick on $ext_if proto tcp from $certain_clients to any port $some_port rdr-to $particular_lan_machine
The problem is that I would like to cause *outbound* packets corresponding to
the connections allowed with the "pass" rule above to be *deprioritized* wrt
other outbound traffic, which is where I'm lost. I've had a few ideas, all of
which seem to have failed:
- Adding "set prio 7" to the "pass" rule above does not seem to affect
outgoing packets, according to my tests.
- Adding a separate rule to match and deprioritize outgoing packets does not
work because pf rules aren't even evaluated for packets that match states
created by that "pass" rule.
- Changing the "pass" rule to *not* keep state (which would allow the use of a
separate rule to deprioritize outgoing packets) doesn't work because
"rdr-to" requires state to be kept.
Am I missing something? Any and all insight is appreciated. Thanks.
pete