Date:      Thu, 9 Mar 2006 11:43:09 +0200
From:      husnu demir <hdemir@metu.edu.tr>
To:        Huzeyfe Onal <huzeyfe.onal@gmail.com>
Cc:        freebsd-pf@freebsd.org
Subject:   Re: dup-to - How works??
Message-ID:  <20060309094307.GA913536@metu.edu.tr>
In-Reply-To: <ffa9ac690603090132o5f24c6y117e9e8640fe0e1b@mail.gmail.com>
References:  <20060309090302.GA2392258@metu.edu.tr> <ffa9ac690603090132o5f24c6y117e9e8640fe0e1b@mail.gmail.com>

On Thu, Mar 09, 2006 at 11:32:30AM +0200, Huzeyfe Onal wrote:
> Hi,
> with these rules you send packets which are coming in on $int_if to the
> 10.0.0.1 host. Run PF on the 10.0.0.1 side and write a rule which logs
> the packets. Then you can see the packets with tcpdump -i pflog0 ...
> 
> 
> 
> On 3/9/06, husnu demir <hdemir@metu.edu.tr> wrote:
> >
> > Hi,
> >
> > I tried to duplicate the traffic to another interface by writing:
> >
> >
> > int_if = "bge0"
> > dup_if = "bge1"
> > dup_ip = "10.0.0.1"
> >
> >
> >
> > block all
> > pass in on $int_if dup-to ($dup_if $dup_ip)
> >
> > pass all keep state
> >
> >
> >
> >
> > This is just a simple ruleset. I just want to show the case. Since the
> > last statement is valid, all the packets get through the last statement and
> > the dup-to rule is not used at all. If I put a quick keyword, which is not
> > what I want, all the traffic route-to there (bge1) but no other traffic pass.
> >
> > The logic that I need is this: I want to copy all the traffic that the rule
> > implies to dup_if, and then the traffic goes through the other PF rules
> > in the list and gets routed.
> >
> >
> > Can you help me? I could not solve the problem :(
> >
> > Husnu Demir.


Yes, I understand the logic behind dup-to. I added all the pass statements to the dup-to statement, so that if a packet matches the rule, it is also duplicated to where I want.

At first, I thought that I would write a rule to dup all the traffic and then PF would continue to proceed with the next rule statement. I understand that is not the situation :))

Thanks, and sorry for disturbing you.

Husnu Demir.
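
Added example (not part of the original thread and not pf's own code): a small Python model of how pf picks the rule that decides a packet, applied to the ruleset quoted above, to show when the dup-to option takes effect. The names `Rule`, `decision`, the sample packets and the `reordered` ruleset are hypothetical and constructed for illustration; state tracking (`keep state`) is not modelled.

```python
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass
class Rule:
    action: str                        # "pass" or "block"
    direction: Optional[str] = None    # "in", "out", or None for both
    iface: Optional[str] = None        # None matches any interface
    quick: bool = False                # stop evaluating on match
    dup_to: Optional[Tuple[str, str]] = None  # (interface, next hop)

    def matches(self, pkt: dict) -> bool:
        return (self.direction in (None, pkt["dir"])
                and self.iface in (None, pkt["iface"]))


def decision(rules, pkt):
    """Return (action, dup_to) of the rule that decides pkt."""
    winner = None
    for rule in rules:
        if rule.matches(pkt):
            winner = rule              # a later match replaces an earlier one
            if rule.quick:
                break                  # quick: this match is final
    # Simplification: a packet that matches no rule is treated as passed.
    return ("pass", None) if winner is None else (winner.action, winner.dup_to)


DUP = ("bge1", "10.0.0.1")             # $dup_if, $dup_ip from the thread
IN_BGE0 = {"dir": "in", "iface": "bge0"}     # constructed sample packets
OUT_BGE0 = {"dir": "out", "iface": "bge0"}

# Ruleset as posted: the trailing "pass all" is the last match, so the
# dup-to option of the earlier rule never applies.
posted = [Rule("block"), Rule("pass", "in", "bge0", dup_to=DUP), Rule("pass")]
# Same ruleset with "quick" on the dup-to rule: evaluation stops there.
with_quick = [Rule("block"),
              Rule("pass", "in", "bge0", quick=True, dup_to=DUP),
              Rule("pass")]
# Assumed rearrangement: the dup-to rule is the last one that can match.
reordered = [Rule("block"), Rule("pass"),
             Rule("pass", "in", "bge0", dup_to=DUP)]

if __name__ == "__main__":
    for name, rules in [("posted", posted), ("quick", with_quick),
                        ("reordered", reordered)]:
        print(name, decision(rules, IN_BGE0), decision(rules, OUT_BGE0))
```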



