Date: Wed, 19 Mar 2008 17:10:03 +0600
From: Vadim Goncharov <vadim_nuclight@mail.ru>
To: "Kuat Eshengazin" <eskuat@gmail.com>
Cc: freebsd-pf@freebsd.org
Subject: Re: using pf to emulate different source ip's
Message-ID: <200803191110.m2JBA3WV074945@hostel.avtf.net>
In-Reply-To: <e0d9d8fc0803051039n7cb3d768rf34d91ac5a051672@mail.gmail.com>
References: <e0d9d8fc0803051039n7cb3d768rf34d91ac5a051672@mail.gmail.com>

Hi Kuat Eshengazin!

On Thu, 6 Mar 2008 00:39:01 +0600; Kuat Eshengazin <eskuat@gmail.com> wrote:

> I'm testing a device with application layer firewall and one of the features
> requires HTTP connection from multiple IP-addresses.
> Device logs clients ip addresses and then depending on statistic calculation
> tries to do smth with such kind of requests in future (block or pass for
> example)
> Device directly connected to machine with Freebsd 7.0 + pf
> Is it possible to rewrite source ip addresses with pf?
> Is it possible to pick up source ip addresses from table or list
> randomly/round robin?
> I've tried to play with nat rules like
> nat on $ext_if inet from $ext_if to any -> 192.168.2.0/24 source-hash
> but there was no much success.

This is possible with ipfw + natd + some scripting/option playing. And you can
use both pf and ipfw at the same time.

-- 
WBR, Vadim Goncharov. ICQ#166852181
mailto:vadim_nuclight@mail.ru
[Moderator of RU.ANTI-ECOLOGY][FreeBSD][http://antigreen.org][LJ:/nuclight]