On Sat, Aug 28, 2010 at 11:08:10PM +0200, Jean-Francois wrote:
quoted text
> Good evening,
> 
> Is it possible to redirect to an IF or at least an IP range such as following
> rules ?
> 
> match in  on $ext_if proto tcp from any to any port 1024:32768 \
>              rdr-to $int_if

Since all of the manpages use IP addresses, I'm guessing not; you're
likely to be able to get the same effect with using the IP of the
interface intstead of its name. Unless you're mistaken on what
rdr-to does, as this isn't the first time someone appears to have
been under the impression that rdr-to sort of just "poured" the
traffic onto another network.

quoted text
> 
> match in  on $ext_if proto tcp from any to any port 1024:32768 \
>              rdr-to 192.168.100.0/16
> 

rdr-to won't do this, but dup-to may do what you're looking for; however,
it's much more likely that you need to read the section on tables in
the pf.conf man page.

quoted text
> I am not sure it even makes sense in regard of a redirection in a network
> topology but I'll try the question, since it can help to understand.
> 
> I am thinking the probability is very high that a redirection of above kind
> needs to copy as many times the packets as wide as the range of ip is.

Yes, hence the "duplicate" root for "dup-to".

quoted text
> 
> Thanks to help me to understand this point.
> 
> Jean-Frangois