From owner-freebsd-net@FreeBSD.ORG  Sun Nov 19 09:12:31 2006
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
X-Original-To: freebsd-net@freebsd.org
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id B6FE516A494
	for <freebsd-net@freebsd.org>; Sun, 19 Nov 2006 09:12:31 +0000 (UTC)
	(envelope-from alexander.shevchenko@itv.ru)
Received: from msk.itvgroup.ru (msk.itvgroup.ru [85.21.105.66])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 59A2143D46
	for <freebsd-net@freebsd.org>; Sun, 19 Nov 2006 09:12:21 +0000 (GMT)
	(envelope-from alexander.shevchenko@itv.ru)
Received: (qmail 70284 invoked by uid 2550); 19 Nov 2006 09:12:29 -0000
Received: from 10.0.0.166 by msk.itvgroup.ru (envelope-from
	<alexander.shevchenko@itv.ru>, uid 2550) with qmail-scanner-1.25st 
	(clamdscan: 0.88/1485. spamassassin: 3.1.1. perlscan: 1.25st.  
	Clear:RC:1(10.0.0.166):. 
	Processed in 0.048156 secs); 19 Nov 2006 09:12:29 -0000
Received: from unknown (HELO ashevchenko) (alexander.shevchenko@[10.0.0.166])
	(envelope-sender <alexander.shevchenko@itv.ru>)
	by msk.itvgroup.ru (qmail-ldap-1.03) with RC4-MD5 encrypted SMTP
	for <freebsd-net@freebsd.org>; 19 Nov 2006 09:12:28 -0000
From: =?koi8-r?B?4czFy9PBzsTSIPvF197FzsvP?= <alexander.shevchenko@itv.ru>
To: "'Gregory Edigarov'" <greg@bestnet.kharkov.ua>, <freebsd-net@freebsd.org>
Date: Sun, 19 Nov 2006 12:12:28 +0300
MIME-Version: 1.0
Content-Type: text/plain;
	charset="koi8-r"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
Thread-Index: AccKMth81iPeWchZS7Ge4+jB3UoyYQBhw6Eg
In-Reply-To: <455D8DF2.2020105@bestnet.kharkov.ua>
X-Qmail-Scanner-Message-ID: <116392754892470278@msk.itvgroup.ru>
Message-Id: <20061119091221.59A2143D46@mx1.FreeBSD.org>
X-Mailman-Approved-At: Sun, 19 Nov 2006 13:11:38 +0000
Cc: 
Subject: RE: How to test a firewall with NAT?
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 19 Nov 2006 09:12:31 -0000

U can use "-n" flag for parsing rules before loading them
pfctl -nvvv -f /etc/pf.conf
Look at this port /usr/ports/sysutils/pftop
pftop displays the active packetfilter states, rules, and queues

-----Original Message-----
From: owner-freebsd-net@freebsd.org [mailto:owner-freebsd-net@freebsd.org]
On Behalf Of Gregory Edigarov
Sent: Friday, November 17, 2006 1:25 PM
To: freebsd-net@freebsd.org
Subject: How to test a firewall with NAT?

Hello Everybody,

I am trying to move one of my servers/routers from linux/iptables to 
freebsd/pf, and need a methodology of testing the pf firewall ruleset 
before it will  go in production.  I cannot  experiment on live network, 
because it's a busy server.

I only have one other machine available.
What can I do and what tool can you recommend?

Thank you.
--
With best regards,
    Gregory Edigarov