From: "Luiz Gustavo S. Costa"
To: Vitaliy Vladimirovich
Cc: freebsd-pf@freebsd.org
Date: Wed, 30 Jun 2010 13:50:15 -0300
Subject: Re: Re[2]: rdr + reply-to, some solution ?

Hi,

Yep!

# Nat section
rdr on $if_ext2 proto tcp from any to $ip_ext2 port http tag http_link2 -> $dmz_http

# Rule section
pass in quick on $if_ext2 reply-to ($if_ext2 $gw_ext2) tagged http_link2

The reply-to is applied on the tag match.

Thanks to Gabriel!

2010/6/30 Vitaliy Vladimirovich :
>
> Hi Luiz!
>
> Can you post here your working final ruleset with rdr + reply-to? Only
> rdr + reply-to section.
>
> Thank you!
>
>
> PERFECT !!!!!
>
> This is it ! (tribute to MJ)
>
> worked perfectly, had not really thought about using tag, perfect.
>
> thank you (valeu !)
>
> goodbye rinetd/redir !
>
> 2010/6/28 Gabriel Fonseca :
>> 2010/6/28 Luiz Gustavo S. Costa
>>>
>>> hi Chris ! how are you?
>>>
>>> as it says here in Brazil: "I eat ball" :).
>>>
>>> pass in $if_int reply-to ($if_ext2 $gw_ext2) proto tcp from any to 192.168.1.100 port 80
>>>
>>> but still, the combination does not work
>>>
>>> thanks
>>>
>>>
>>> 2010/6/28 Chris Buechler :
>>> > On Mon, Jun 28, 2010 at 5:12 PM, Luiz Gustavo S. Costa
>>> > wrote:
>>> >> Hi all.
>>> >>
>>> >> I know there is a problem in using rdr with the reply-to, I usually
>>> >> use some software to "rdr", as the rinetd, but it's not a pretty
>>> >> solution.
>>> >>
>>> >> Is there any alternative?
>>> >>
>>> >> Below is an example of what I'm talking about.
>>> >>
>>> >> # Nat section
>>> >> rdr on $if_ext2 proto tcp from any to 200.x.x.x port 80 -> 192.168.1.100
>>> >> # Rules section
>>> >> pass in $if_ext2 reply-to ($if_ext2 $gw_ext2) proto tcp from any to 200.x.x.x port 80
>>> >>
>>> >
>>> > That rule won't match traffic from that rdr. The dest has to be the
>>> > 192.168.1.100 IP.
>>> >
>>>
>>>
>>> --
>>> Luiz Gustavo Costa (Powered by BSD)
>>> *+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+
>>> mundoUnix - Free Software Consulting
>>> http://www.mundounix.com.br
>>> ICQ: 2890831 / MSN: contato@mundounix.com.br
>>> Tel: 55 (21) 2642-3799 / 7582-0594
>>> Blog: http://www.luizgustavo.pro.br
>>> _______________________________________________
>>> freebsd-pf@freebsd.org mailing list
>>> http://lists.freebsd.org/mailman/listinfo/freebsd-pf
>>> To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org"
>>
>>
>> Hi, Luiz "gugaBSD" Gustavo.
>> I don't know exactly what you need, but I'll try to help.
>>
>> Try this:
>> rdr on $if_ext2 proto tcp from any to 200.x.x.x port 80 tag LINK2 -> 192.168.1.100
>> pass in quick on $if_ext2 reply-to ( $if_ext2 $gw_ext2 ) tagged LINK2
>>
>> I hope that helps.
>>
>> Gabriel "ethX" Fonseca
>>
>

-- 
Luiz Gustavo Costa (Powered by BSD)
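
The matching behaviour discussed in this thread, as an added illustration that is not part of the original messages: a toy Python model of pf applying rdr before the filter rules are evaluated, so a pass rule must match either the translated destination or the tag set by the rdr. The addresses, interface labels and the class and function names are assumptions made for the example.

```python
# Added illustration, not pf itself: models "rdr first, then filter" for inbound packets.
# Addresses are constructed placeholders (documentation and private ranges).
from dataclasses import dataclass
from typing import Optional

IP_EXT2, DMZ_HTTP, GW_EXT2 = "198.51.100.10", "192.168.1.100", "198.51.100.1"

@dataclass
class Packet:
    iface: str
    dst: str
    dport: int
    tag: Optional[str] = None

@dataclass
class Rdr:    # rdr on <iface> proto tcp to <dst> port <dport> [tag <tag>] -> <target>
    iface: str
    dst: str
    dport: int
    target: str
    tag: Optional[str] = None

@dataclass
class Pass:   # pass in quick on <iface> reply-to (<if> <gw>) [to <dst>] [tagged <tag>]
    iface: str
    reply_to: tuple
    dst: Optional[str] = None
    tagged: Optional[str] = None

def translate(pkt, rdrs):
    """Apply the first matching rdr: rewrite the destination and attach its tag."""
    for r in rdrs:
        if (pkt.iface, pkt.dst, pkt.dport) == (r.iface, r.dst, r.dport):
            return Packet(pkt.iface, r.target, pkt.dport, r.tag)
    return pkt

def reply_route(pkt, rdrs, rules):
    """Return the reply-to of the first pass rule matching the translated packet."""
    seen = translate(pkt, rdrs)   # the filter rules only ever see this packet
    for rule in rules:
        if (rule.iface == seen.iface
                and rule.dst in (None, seen.dst)
                and rule.tagged in (None, seen.tag)):
            return rule.reply_to
    return None                   # no rule matched, so no reply-to is applied

SYN = Packet("if_ext2", IP_EXT2, 80)   # client connecting to the public address
RDR = [Rdr("if_ext2", IP_EXT2, 80, DMZ_HTTP, tag="http_link2")]
LINK2 = ("if_ext2", GW_EXT2)
```

In this model a rule written against the public address never matches, while the tagged rule keeps matching even if the rdr target is later changed.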