From: Vadim Goncharov
To: "Kuat Eshengazin"
Cc: freebsd-pf@freebsd.org
Date: Wed, 19 Mar 2008 17:10:03 +0600
Subject: Re: using pf to emulate different source ip's
Message-Id: <200803191110.m2JBA3WV074945@hostel.avtf.net>
Reply-To: vadim_nuclight@mail.ru

Hi Kuat Eshengazin!

On Thu, 6 Mar 2008 00:39:01 +0600; Kuat Eshengazin wrote:

> I'm testing a device with application layer firewall and one of the features
> requires HTTP connection from multiple IP-addresses.
> Device logs clients' ip addresses and then depending on statistic calculation
> tries to do something with such kind of requests in future (block or pass for
> example)
> Device is directly connected to a machine with FreeBSD 7.0 + pf
> Is it possible to rewrite source ip addresses with pf?
> Is it possible to pick up source ip addresses from table or list
> randomly/round robin?
> I've tried to play with nat rules like
> nat on $ext_if inet from $ext_if to any -> 192.168.2.0/24 source-hash
> but there was not much success.

This is possible with ipfw + natd + some scripting/option playing. And you can
use both pf and ipfw at the same time.

-- 
WBR, Vadim Goncharov. ICQ#166852181
mailto:vadim_nuclight@mail.ru
[Moderator of RU.ANTI-ECOLOGY][FreeBSD][http://antigreen.org][LJ:/nuclight]