Date: Sat, 19 Mar 2011 15:20:16 +0100
From: Thomas Steen Rasmussen <thomas@gibfest.dk>
To: Melissa Jenkins <melissa-freebsdstable@littlebluecar.co.uk>
Cc: freebsd-pf@freebsd.org
Subject: Re: PFsync & RDR/NAT
Message-ID: <4D84BBA0.40208@gibfest.dk>
In-Reply-To: <64167BE5-C27D-415C-A490-0953DC30B6DD@littlebluecar.co.uk>
References: <20110131112244.839B610656A8@hub.freebsd.org> <9C34D3E1-5F82-461B-AD1D-9BD7402D794E@littlebluecar.co.uk> <4D838372.2060401@gibfest.dk> <64167BE5-C27D-415C-A490-0953DC30B6DD@littlebluecar.co.uk>

On 19.03.2011 09:46, Melissa Jenkins wrote:
> Hi Thomas,
>
> I wish it was that simple :(
>
> If I add it to the rdr I get an error loading the file:
> rdr pass on $if proto udp from <napts> to any port 53 -> 127.0.0.1 port 53 keep state (no-sync)
>
> pf.conf:124: syntax error
>
> If I put it on the pass rule it doesn't stop the state from being synchronised... I'm guessing because the state was created by the RDR rule. I've tried in FreeBSD 8.0 & 8.1
>

Hello,

You need to remove the "pass" keyword from the RDR rule and make an explicit "pass" rule with the no-state keyword.

So instead of:

rdr pass on $if proto udp from <napts> to any port 53 -> 127.0.0.1 port 53 keep state (no-sync)

You do:

rdr on $if proto udp from <napts> to any port 53 -> 127.0.0.1 port 53
pass in on $if inet proto udp from <napts> to 127.0.0.1 port 53 keep state (no-sync)

Best regards

Let me know how it works out.

Thomas Steen Rasmussen

ps. Please don't top-post :)
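
The split described in the message above, as an added example that is not part of the original e-mail or of pf: a small check that finds "rdr pass" rules carrying state options in a pf.conf and prints the two-rule form. The function names and the sample config are constructed for illustration, and only the rule shape shown in the thread is handled.

```python
import ipaddress
import re

# Rule shape from the thread: "rdr pass" with state options appended, which
# pfctl rejects with a syntax error. Other rdr forms are out of scope.
RDR_PASS = re.compile(
    r"^rdr\s+pass\s+on\s+(?P<ifc>\S+)\s+(?:(?P<af>inet6?)\s+)?"
    r"proto\s+(?P<proto>\S+)\s+from\s+(?P<src>\S+)\s+to\s+(?P<dst>\S+)"
    r"(?:\s+port\s+(?P<dport>\S+))?\s+->\s+(?P<taddr>\S+)"
    r"(?:\s+port\s+(?P<tport>\S+))?\s+(?P<state>keep\s+state\s*\([^)]*\))\s*$"
)

def family(addr):
    """Address family keyword for a literal address, '' for a macro or table."""
    try:
        return "inet6" if ipaddress.ip_address(addr).version == 6 else "inet"
    except ValueError:
        return ""

def split_rdr_pass(rule):
    """Return (rdr_rule, pass_rule) for a matching rule, else None."""
    m = RDR_PASS.match(rule.strip())
    if m is None:
        return None
    g = {k: v or "" for k, v in m.groupdict().items()}
    dport = f"port {g['dport']}" if g["dport"] else ""
    tport = f"port {g['tport']}" if g["tport"] else ""
    rdr = ["rdr on", g["ifc"], g["af"], "proto", g["proto"], "from", g["src"],
           "to", g["dst"], dport, "->", g["taddr"], tport]
    # The filter rule is evaluated after translation, so it matches the rdr
    # target. Assumption: a target without a port keeps the original port.
    pas = ["pass in on", g["ifc"], g["af"] or family(g["taddr"]), "proto",
           g["proto"], "from", g["src"], "to", g["taddr"], tport or dport,
           " ".join(g["state"].split())]
    return tuple(" ".join(p for p in parts if p) for parts in (rdr, pas))

def lint(conf_text):
    """Return [(line_number, rdr_rule, pass_rule)] for each offending line."""
    rules = ((n, split_rdr_pass(line.split("#", 1)[0]))
             for n, line in enumerate(conf_text.splitlines(), 1))
    return [(n, *fix) for n, fix in rules if fix]

# Constructed sample config, not the poster's real pf.conf.
SAMPLE = """\
table <napts> { 192.0.2.0/24 }
rdr pass on $if proto udp from <napts> to any port 53 -> 127.0.0.1 port 53 keep state (no-sync)
pass out all keep state
"""
```

The generated pass rule belongs with the filter rules, after the translation section of pf.conf.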