From: CZUCZY Gergely
To: Oleksandr Samoylyk
Cc: freebsd-pf@freebsd.org
Date: Thu, 8 May 2008 10:43:08 +0200
Subject: Re: iptables rule in pf

On Thu, 08 May 2008 11:36:26 +0300
Oleksandr Samoylyk wrote:

> >> That iptables rule worked for any destination.
> > You cannot rewrite a packet's destination address to _any_ destination.
> >
> > It's like you cannot submit a package at the post office with the
> > destination address "any". It's just meaningless.
> >
>
> However it works with iptables. :)
>
> What can I do in my situation in order to gain the same functionality by
> means of pf or other additional daemons?

No, it doesn't. That iptables rule only affects the port number, where it
defaults to the original dst address. So it defaults to something, whereas pf
doesn't. With pf you have to explicitly specify the rewritten dst IP.

In my first reply I've told you to read the OpenBSD FAQ. You haven't done it. I
_strongly_ suggest you, before doing your next reply to the list, go and read
that FAQ. Here's the URL once more, I bet you've lost it under your desk...

http://www.openbsd.org/faq/pf/

-- 
Sincerely,

CZUCZY Gergely
Harmless Digital Bt
mailto: gergely.czuczy@harmless.hu
Tel: +36-30-9702963