
I'm having some trouble getting my head around how PF works in Mac OS. I have been doing a lot of research on the topic but just cannot find the solution (although I can find many other very similar questions without an answer).

My goal is to redirect an outgoing packet that uses UDP port (21928) being sent to a multicast address (225.0.0.37) to a different UDP port (6010) of the same multicast address before it leaves my interface.

If this is not possible, redirecting the port (21928) to the address 192.168.0.20:6010 would be the next best thing, however the original multicast address is preferable.

Now as far as I can tell, you cannot use PF rules on outgoing packets, however you can redirect those packets to the loopback address and then perform rules this way.

rdr pass inet proto udp from any to 225.0.0.37 port 21928 -> 225.0.0.37 port 6010
pass out on en4 route-to lo0 proto udp from en4 to 225.0.0.37 port 21928 keep state

These are the current rules I'm playing with, and in Wireshark I can see that when PF is active, the packet enters the loopback interface, however other than this nothing happens (when I disable PF, the packet leaves as originally intended on 225.0.0.37:21928, indicating that PF is doing something when enabled at least).

Additionally I have enabled this command:

sysctl net.inet.ip.forwarding=1

I'm not sure what I'm doing wrong here. Any help would be very much appreciated.
