Date: Thu, 18 Apr 2013 09:11:33 +0200
From: Radek Krejča <radek.krejca@starnet.cz>
To: "'freebsd-pf@freebsd.org'" <freebsd-pf@freebsd.org>
Subject: peer address over pf rdr
Message-ID: <B2E0472020754D45B72E9B0CE35278CAB6D82984CA@EXCHANGE.mail.starnet.cz>
Hello,
In some cases I need to get the IP address of our customer over NAT to my www page (e.g. for stopping spam and giving our customer info). I wrote a daemon which listens on the port where our customers' traffic is redirected (this is my testing rule):
rdr proto tcp from 192.168.255.2 to any port 8009 -> 127.0.0.1 port 9000
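My daemon listens on port 9000 and gets the IP address with this function:
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <stdlib.h>
#include <string.h>

/* Copies the peer's IPv4 address into a malloc()ed string; the caller frees *IP.
   error() is not defined in the message; it is assumed to be the daemon's own logging helper. */
int Getpeerinfo (int sock, char **IP)
{
    struct sockaddr_in peer;
    int porto;
    socklen_t peer_len;
    char *addr;
    peer_len = sizeof(peer);
    if (getpeername(sock, (struct sockaddr*)&peer, &peer_len) == -1) {
        error("getpeername() failed");
        return -1;
    }
    addr = inet_ntoa(peer.sin_addr);
    *IP = malloc(strlen(addr) + 1);
    if (*IP == NULL)
        return -1;
    strcpy(*IP, addr);
    porto = ntohs(peer.sin_port); /* sin_port is in network byte order */
    return 0;
}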
If I connect to port 9000 directly, I get the right IP address, but over the redirect in pf the result is empty. It looks like pf destroys this information, or is my idea wrong?
Thank you
Radek
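
An added example, not code from the original message: a variant of the Getpeerinfo() function above that checks the address family, uses inet_ntop() instead of the static buffer of inet_ntoa(), and returns distinct codes so a failed getpeername() can be told apart from a non-IP peer. The names format_peer and peer_info are hypothetical.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

/* Format a filled-in socket address as text plus host-order port.
 * Returns 0 on success, -1 if it is not a complete IPv4/IPv6 address. */
int format_peer(const struct sockaddr *sa, socklen_t len,
                char *host, socklen_t hostlen, int *port)
{
    if (sa->sa_family == AF_INET && len >= (socklen_t)sizeof(struct sockaddr_in)) {
        const struct sockaddr_in *in4 = (const struct sockaddr_in *)sa;
        if (inet_ntop(AF_INET, &in4->sin_addr, host, hostlen) == NULL)
            return -1;
        *port = ntohs(in4->sin_port); /* network to host byte order */
        return 0;
    }
    if (sa->sa_family == AF_INET6 && len >= (socklen_t)sizeof(struct sockaddr_in6)) {
        const struct sockaddr_in6 *in6 = (const struct sockaddr_in6 *)sa;
        if (inet_ntop(AF_INET6, &in6->sin6_addr, host, hostlen) == NULL)
            return -1;
        *port = ntohs(in6->sin6_port);
        return 0;
    }
    return -1;
}

/* peer_info() is a hypothetical name. 0 = ok, -1 = getpeername() failed,
 * -2 = socket is connected but the peer is not an IP address. */
int peer_info(int sock, char *host, socklen_t hostlen, int *port)
{
    struct sockaddr_storage ss;
    socklen_t len = sizeof(ss);

    memset(&ss, 0, sizeof(ss));
    if (getpeername(sock, (struct sockaddr *)&ss, &len) == -1)
        return -1;
    return format_peer((struct sockaddr *)&ss, len, host, hostlen, port) == 0 ? 0 : -2;
}

int main(void)
{
    char host[INET6_ADDRSTRLEN];
    int port = 0;
    /* fd 0 is usually a terminal or pipe, so -1 (ENOTSOCK) is expected here */
    printf("peer_info(0) = %d\n", peer_info(0, host, sizeof(host), &port));
    return 0;
}
```

Logging the return code next to the accepted connection shows whether an empty address comes from getpeername() itself or from a later step in the daemon.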
