Date: Fri, 15 Jun 2007 14:30:46 -0500 From: David DeSimone <fox@verio.net> To: freebsd-pf@freebsd.org Subject: Re: pf version 3.7 on freebsd Message-ID: <20070615193046.GD21747@verio.net> In-Reply-To: <8142b02f0706151122s2775911fme30e79f67e4da625@mail.gmail.com> References: <8142b02f0706151122s2775911fme30e79f67e4da625@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Leandro Malaquias <lm.net.security@gmail.com> wrote: > > I've heard that the pf version being used on freebsd 6-stable is 3.7 so the > features "pass" and "log" when using "rdr" won't work. "pass" works, but "log" does not. You can work around this by forgoing "pass" and instead use "tag" to add a NAT tag to your redirected packets, then create a "pass" rule which passes and logs the resultant traffic. rdr on $EXT_IF proto tcp from x.x.x.x to y.y.y.y port zz \ tag REDIRECT -> w.w.w.w pass in log quick on $EXT_IF all tagged REDIRECT - -- David DeSimone == Network Admin == fox@verio.net "It took me fifteen years to discover that I had no talent for writing, but I couldn't give it up because by that time I was too famous. -- Robert Benchley -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFGcujmFSrKRjX5eCoRAmqhAJ4/FeplWFekEhytmIPF8I4GERkRmQCeNh58 X5luzos0BKO1ZRB0FVUzNdQ= =p3Vi -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070615193046.GD21747>