Date:      Fri, 15 Jun 2007 14:30:46 -0500
From:      David DeSimone <fox@verio.net>
To:        freebsd-pf@freebsd.org
Subject:   Re: pf version 3.7 on freebsd
Message-ID:  <20070615193046.GD21747@verio.net>
In-Reply-To: <8142b02f0706151122s2775911fme30e79f67e4da625@mail.gmail.com>
References:  <8142b02f0706151122s2775911fme30e79f67e4da625@mail.gmail.com>

Leandro Malaquias <lm.net.security@gmail.com> wrote:
>
> I've heard that the pf version being used on freebsd 6-stable is 3.7 so the
> features "pass" and "log" when using "rdr" won't work.

"pass" works, but "log" does not.

You can work around this by forgoing "pass" and instead using "tag" to add
a NAT tag to your redirected packets, then creating a "pass" rule which
passes and logs the resultant traffic.

    rdr on $EXT_IF proto tcp from x.x.x.x to y.y.y.y port zz \
        tag REDIRECT -> w.w.w.w

    pass in log quick on $EXT_IF all tagged REDIRECT

-- 
David DeSimone == Network Admin == fox@verio.net
  "It took me fifteen years to discover that I had no
   talent for writing, but I couldn't give it up because
   by that time I was too famous.  -- Robert Benchley
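
A configuration check built on the workaround above, as an added example that is not part of the original message: it flags `rdr` rules in a pf.conf that no `pass ... log ... tagged` rule would log, including `rdr pass` rules, which skip the filter rules entirely. The sample ruleset, its addresses and the `WEB_TLS` tag are constructed, and the parser assumes one rule per logical line.

```python
import re

# Constructed sample ruleset (documentation addresses, not taken from the message).
SAMPLE = r"""
EXT_IF = "em0"
rdr on $EXT_IF proto tcp from 192.0.2.10 to 198.51.100.5 port 80 \
    tag REDIRECT -> 10.0.0.5
rdr pass on $EXT_IF proto tcp from any to 198.51.100.5 port 25 -> 10.0.0.6
rdr on $EXT_IF proto tcp from any to 198.51.100.5 port 443 \
    tag WEB_TLS -> 10.0.0.7
pass in log quick on $EXT_IF all tagged REDIRECT
pass in quick on $EXT_IF all tagged WEB_TLS   # passes, but no "log"
"""

def logical_lines(text):
    """Join backslash continuations, drop comments and blank lines."""
    joined = re.sub(r"\\\s*\n", " ", text)
    for raw in joined.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            yield line

def audit(text):
    """Return (rule, problem) pairs for redirects whose traffic is not logged."""
    rules = [line.split() for line in logical_lines(text)]
    # Tags that some "pass ... log ... tagged NAME" rule both passes and logs.
    logged = set()
    for r in rules:
        if r[0] == "pass" and "log" in r and "tagged" in r[:-1]:
            logged.add(r[r.index("tagged") + 1])
    findings = []
    for r in rules:
        if r[0] != "rdr":
            continue
        rule_text = " ".join(r)
        if r[1:2] == ["pass"]:  # "rdr pass" bypasses the filter rules
            findings.append((rule_text, "rdr pass: no logged pass rule applies"))
        elif "tag" in r[:-1]:
            tag = r[r.index("tag") + 1]
            if tag not in logged:
                findings.append((rule_text, f"no 'pass ... log ... tagged {tag}' rule"))
    return findings

if __name__ == "__main__":
    for rule, problem in audit(SAMPLE):
        print(f"{problem}\n    {rule}")
```
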


