Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 28 Dec 2021 13:29:04 +0300
From:      =?UTF-8?B?w5Z6a2FuIEtJUklL?= <ozkan.kirik@gmail.com>
To:        Franco Fichtner <franco@lastsummer.de>
Cc:        freebsd-pf@freebsd.org
Subject:   Re: Logging NAT translations and correlating nat & rule logs
Message-ID:  <CAAcX-AEfgf1UCBw1di8E_xH1i98-ZG99jy2ZOu5ptj2H8tAJQg@mail.gmail.com>
In-Reply-To: <5AB60713-21D3-4EFA-B054-2335DAB8FCC7@lastsummer.de>
References:  <CAAcX-AEJ-gc-FWdx_zKS7n8_=n7V98w2Sahvsvu9XLozZP949g@mail.gmail.com> <C3DF6003-A39A-4C23-9AC5-076D44FC2404@lastsummer.de> <CAAcX-AHdUU47s3E4fitCxCWZ%2BhfDfi3fPjGq%2B5sQ7Ff859dKCA@mail.gmail.com> <CAAcX-AEnDwo7ZMfKoEm1BG6OM-7_uNDyJWSmOqeKMa=WwMx9=A@mail.gmail.com> <CAAcX-AG-3myNw2FTWe=yXE%2Bcan%2BYe3mctbWfx86aMrGXFEvauw@mail.gmail.com> <5AB60713-21D3-4EFA-B054-2335DAB8FCC7@lastsummer.de>
next in thread | previous in thread | raw e-mail | index | archive | help 
Yes I confirmed that, there is no "rdr pass" rule within the ruleset.

# pfctl -P -sn -a "nat-portForwarding"
rdr log (to pflog3) on em0 inet proto tcp from <allowed_sources> to
172.16.33.10 port =3D 22 tag FWD_1 -> 192.168.33.1 port 22

# tcpdump -tttt -leqni pflog3
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on pflog3, link-type PFLOG (OpenBSD pflog file), capture
size 262144 bytes
2021-12-28 13:28:02.362191 rule 0/0(match): rdr in on em0:
172.16.33.1.41368 > 172.16.33.10.22: tcp 0

thanks

On Tue, Dec 28, 2021 at 1:18 PM Franco Fichtner <franco@lastsummer.de> wrot=
e:
>
>
> > On 28. Dec 2021, at 7:57 AM, =C3=96zkan KIRIK <ozkan.kirik@gmail.com> w=
rote:
> >
> > And also, rule number and subrulenr information is missing.
>
> Have you tried to confirm that this wasn't already the case for
> "rdr pass" combinations before?
>
>
> Cheers,
> Franco
>

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAAcX-AEfgf1UCBw1di8E_xH1i98-ZG99jy2ZOu5ptj2H8tAJQg>