From owner-freebsd-pf@FreeBSD.ORG Wed Mar 19 17:17:17 2008 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 9DEFA1065677 for ; Wed, 19 Mar 2008 17:17:17 +0000 (UTC) (envelope-from ermal.luci@gmail.com) Received: from an-out-0708.google.com (an-out-0708.google.com [209.85.132.243]) by mx1.freebsd.org (Postfix) with ESMTP id 5DC228FC24 for ; Wed, 19 Mar 2008 17:17:17 +0000 (UTC) (envelope-from ermal.luci@gmail.com) Received: by an-out-0708.google.com with SMTP id c14so186461anc.13 for ; Wed, 19 Mar 2008 10:17:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; bh=pgcFG+O7/gYqK/ei2L29KNw+v1AtfzSU3Kq+CWe/JCg=; b=SlZZqcSn+pGnxRs+s0UyUm2eV6uDNPQX8a5nB8ifgOi54uHp2orN9/TksP1822BMitKbcO44eyGjCN82EZkDRPX9erUXUcyFIjMp7l65vKLemUVtPmm83DhQRrTzOciqMbCntk8tkeScB1rj6XMTC/ZT+RiW+a5LNDimBG3Sids= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=ZSxCmEDXgZP0g68ZVlxnLkqq0GWuBQTDpKmodeCWuqRX6CqP+ekEA3DhV+INSVBLCaFur7BjV9iVAiaCGcWlhNt8wYcrxeixQr6AjZqNZqM0M35bxfy1uGNQH31SkDc5jnF3aje3vTsmELtOLTo+ZUl2qlGsCc8wAC+Rs4iGGA0= Received: by 10.100.33.9 with SMTP id g9mr2292136ang.105.1205945377212; Wed, 19 Mar 2008 09:49:37 -0700 (PDT) Received: by 10.100.240.5 with HTTP; Wed, 19 Mar 2008 09:49:37 -0700 (PDT) Message-ID: <9a542da30803190949v3807fa60o5ff14ee6280d72c@mail.gmail.com> Date: Wed, 19 Mar 2008 17:49:37 +0100 From: "=?ISO-8859-1?Q?Ermal_Lu=E7i?=" To: "Kuat Eshengazin" In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline References: Cc: freebsd-pf@freebsd.org Subject: Re: using pf to emulate different source ip's X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 19 Mar 2008 17:17:17 -0000 On Wed, Mar 5, 2008 at 7:39 PM, Kuat Eshengazin wrote: > Hi, > > > I'm testing a device with application layer firewall and one of the features > requires HTTP connection from multiple IP-addresses. > Device logs clients ip addresses and then depending on statistic calculation > tries to do smth with such kind of requests in future (block or pass for > example) > Device directly connected to machine with Freebsd 7.0 + pf > > > Is it possible to rewrite source ip addresses with pf? > Is it possible to pick up source ip addresses from table or list > randomly/round robin? > > I.ve tried to play with nat rules like > nat on $ext_if inet from $ext_if to any -> 192.168.2.0/24 source-hash Try it this way. nat on $interface from self to any -> $iptouse source-hash > but there was no much success. > > > > Please CC me when answering. > > p.s. > Currently what i.m doing is simply changing interface ip address by ifconfig > command before each HTTP request. > > > Thanks in advance > _______________________________________________ > freebsd-pf@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-pf > To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org" >