From: Vilem Kebrt
Date: Sat, 19 Mar 2011 12:44:34 +0100
To: freebsd-pf@freebsd.org
Subject: Re: PFsync & RDR/NAT
Message-ID: <4D849722.9010003@gmail.com>
In-Reply-To: <64167BE5-C27D-415C-A490-0953DC30B6DD@littlebluecar.co.uk>

On 19.3.2011 9:46, Melissa Jenkins wrote:
> Hi Thomas,
>
> I wish it was that simple :(
>
> If I add it to the rdr I get an error loading the file:
> rdr pass on $if proto udp from to any port 53 -> 127.0.0.1 port 53 keep state (no-sync)
>
> pf.conf:124: syntax error

Hi Melissa,

call me old school, but keep state on UDP? BTW, on rdr there is no pass - pass is for filter rules, rdr for NAT rules :)

example:
rdr on em0 proto {tcp,udp} from any to $my_ip port 53 -> $int_ip port 53

I'm using both protocols, 'cause when the response is long, the DNS resolver will use TCP.

William