From: Ermal Luçi
To: Radek Krejča
Cc: "freebsd-pf@freebsd.org"
Date: Thu, 18 Apr 2013 09:28:58 +0200
Subject: Re: peer address over pf rdr
List-Id: "Technical discussion and general questions about packet filter (pf)"

On Thu, Apr 18, 2013 at 9:11 AM, Radek Krejča wrote:

> Hello,
>
> In some cases I need to get the IP address of our customer over NAT to my
> www page (e.g. for stopping spam and giving our customer info). I wrote a
> daemon which listens on the port where the traffic of our customers is
> redirected (this is my testing rule):
>
> rdr proto tcp from 192.168.255.2 to any port 8009 -> 127.0.0.1 port 9000
>
> On port 9000 listens my daemon, which gets the IP address with this function:
>
> int Getpeerinfo (int sock, char **IP)
> {
>     struct sockaddr_in peer;
>     int porto;
>     socklen_t peer_len;
>     peer_len = sizeof(peer);
>     if (getpeername(sock, (struct sockaddr*)&peer, &peer_len) == -1) {
>         error("getpeername() failed");
>         return -1;
>     }
>
>     /* inet_ntoa() returns a static buffer, so copy it for the caller */
>     *IP = (char *)malloc(strlen((char *)(inet_ntoa(peer.sin_addr))) + 1);
>     if (*IP == NULL)
>         return -1;
>     strcpy(*IP, (char *)(inet_ntoa(peer.sin_addr)));
>     porto = (int)ntohs(peer.sin_port);  /* sin_port is in network byte order */
>     return 0;
> }
>
> If I connect to port 9000 directly, I get the right IP address, but over
> the redirect in pf the result is empty. It looks like pf destroys this
> information, or is my idea wrong?
>

Take a look at the squid daemon source code to see how it does a lookup on
the NAT translation table to extract the real customer IP.

> Thank you
>
> Radek

-- 
Ermal
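
A self-contained version of the peer-address helper from the quoted question, added here as an example (it is not code from the thread or from squid): it writes into a caller-supplied buffer, handles IPv4 and IPv6, and returns the port in host byte order. `get_peer_info` and `loopback_peer_ip` are hypothetical names, the loopback check is constructed, and the pf translation-table lookup mentioned in the reply is not shown.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Added example. Writes the peer's numeric address into ip (iplen bytes) and
 * its port, in host byte order, into *port. Returns 0 on success, -1 on error. */
int get_peer_info(int sock, char *ip, socklen_t iplen, unsigned short *port)
{
    struct sockaddr_storage peer;            /* large enough for IPv4 and IPv6 */
    socklen_t len = sizeof(peer);
    const void *addr;
    if (getpeername(sock, (struct sockaddr *)&peer, &len) == -1)
        return -1;
    if (peer.ss_family == AF_INET) {
        addr = &((struct sockaddr_in *)&peer)->sin_addr;
        *port = ntohs(((struct sockaddr_in *)&peer)->sin_port);
    } else if (peer.ss_family == AF_INET6) {
        addr = &((struct sockaddr_in6 *)&peer)->sin6_addr;
        *port = ntohs(((struct sockaddr_in6 *)&peer)->sin6_port);
    } else {
        return -1;                           /* e.g. AF_UNIX: no IP to report */
    }
    return inet_ntop(peer.ss_family, addr, ip, iplen) ? 0 : -1;
}

/* Constructed loopback check: returns the address get_peer_info() reports for a
 * client on 127.0.0.1, or NULL on any failure or if the reported port is wrong. */
const char *loopback_peer_ip(void)
{
    static char ip[INET6_ADDRSTRLEN];
    struct sockaddr_in a, c;
    socklen_t alen = sizeof(a), clen = sizeof(c);
    unsigned short port = 0;
    int conn = -1, lsn = socket(AF_INET, SOCK_STREAM, 0), cli = socket(AF_INET, SOCK_STREAM, 0);
    memset(&a, 0, sizeof(a));
    a.sin_family = AF_INET;
    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);      /* port 0: kernel picks one */
    int ok = bind(lsn, (struct sockaddr *)&a, sizeof(a)) == 0 && listen(lsn, 1) == 0 &&
        getsockname(lsn, (struct sockaddr *)&a, &alen) == 0 &&   /* learn the port */
        connect(cli, (struct sockaddr *)&a, sizeof(a)) == 0 &&
        (conn = accept(lsn, NULL, NULL)) >= 0 &&
        getsockname(cli, (struct sockaddr *)&c, &clen) == 0 &&   /* client's own port */
        get_peer_info(conn, ip, sizeof(ip), &port) == 0 && port == ntohs(c.sin_port);
    if (conn >= 0) close(conn);
    close(cli); close(lsn);
    return ok ? ip : NULL;
}
```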