From: "Nicolas Salvo"
To: freebsd-pf@freebsd.org
Date: Thu, 18 Oct 2007 21:41:29 -0300
Subject: NAT problem
List-Id: "Technical discussion and general questions about packet filter (pf)"

Hi folks,

I have a problem when trying to change the destination port number for a connection. Our ISP has a transparent proxy, and we need to bypass it. We have 2 iptables firewalls: when a connection is generated to port 80, the firewall changes the destination port to 81, and on the other side this is reversed. That is done with a DNAT rule in the PREROUTING table. My problem is that I can't find how to do this with PF. We are (trying) to move our gw to FreeBSD, but I am stuck on this.

This is what I did:

$ext_if = "rl0"
$int_if = "rl1"
$int_net = "192.168.0.0/24"
$proxy_bypass_needed = "xxx.xxx.xxx.xxx"

nat on $ext_if from $int_net to $proxy_bypass_needed port 80 -> $ext_if port 81

This was our best effort, but we only changed the source port to 81, and we need to change the destination port.

I didn't find anything about this in the pf.conf man page nor on Google, so I will appreciate your help.

Thanks.

-- 
Nicolas A. Salvo
Capital Federal
Buenos Aires - Argentina
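
The destination-port rewrite asked about above, as an added example that is not part of the original post: in pf, `nat` rewrites the source side of a connection and `rdr` rewrites the destination side, so the iptables DNAT rule corresponds to an `rdr` rule on the internal interface. The 192.0.2.x addresses and the `web_server` macro are placeholders assumed for illustration.

```pf
# pf.conf sketch for the LAN-side gateway (added example, old-style
# nat/rdr syntax as used by pf on FreeBSD 6.x/7.x).
# Macros are defined without the leading "$" and referenced with it.
ext_if  = "rl0"
int_if  = "rl1"
int_net = "192.168.0.0/24"
proxy_bypass_needed = "192.0.2.10"   # placeholder for the remote host

# Before: the rule from the post. "nat" only translates the SOURCE
# address/port, so "port 81" here becomes the source port.
# nat on $ext_if from $int_net to $proxy_bypass_needed port 80 -> $ext_if port 81

# After, step 1: rewrite the DESTINATION port as the packet arrives on
# the internal interface (the equivalent of DNAT in PREROUTING).
rdr on $int_if proto tcp from $int_net to $proxy_bypass_needed port 80 \
    -> $proxy_bypass_needed port 81

# After, step 2: ordinary source NAT on the way out. The parentheses make
# pf follow address changes on the external interface.
nat on $ext_if from $int_net to any -> ($ext_if)

# Filter rules are evaluated after translation, so the pass rule must
# match the rewritten destination port (81), not the original port 80.
pass in  on $int_if proto tcp from $int_net to $proxy_bypass_needed port 81 keep state
pass out on $ext_if proto tcp from ($ext_if) to $proxy_bypass_needed port 81 keep state

# Far-end gateway (separate machine, shown for reference only): map port 81
# back to the real service. web_server is a hypothetical macro, e.g.
# web_server = "192.0.2.20"
# rdr on $ext_if proto tcp from any to ($ext_if) port 81 -> $web_server port 80
```

`pfctl -nf /etc/pf.conf` parses the ruleset without loading it, and `pfctl -sn` lists the loaded nat and rdr rules. Once traffic flows, `pfctl -ss` shows the state entries, where the destination should appear with port 81.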