Date:      Thu, 18 Apr 2013 09:11:33 +0200
From:      Radek Krejča <radek.krejca@starnet.cz>
To:        "'freebsd-pf@freebsd.org'" <freebsd-pf@freebsd.org>
Subject:   peer address over pf rdr
Message-ID:  <B2E0472020754D45B72E9B0CE35278CAB6D82984CA@EXCHANGE.mail.starnet.cz>

Hello,

In some cases I need to get the IP address of our customer over NAT to my www page (e.g. for stopping spam and giving our customers info). I wrote a daemon which listens on the port where the traffic of our customers is redirected (this is my testing rule):


rdr proto tcp from 192.168.255.2 to any port 8009 -> 127.0.0.1 port 9000

My daemon listens on port 9000 and gets the IP address with this function:

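#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>

/* Store the peer's IPv4 address of a connected socket in *IP (malloc'ed). */
int Getpeerinfo (int sock, char **IP)
{
   struct sockaddr_in peer;
   int porto;
   socklen_t peer_len;
   const char *addr;

   peer_len = sizeof(peer);
   if (getpeername(sock, (struct sockaddr*)&peer, &peer_len) == -1) {
      perror("getpeername() failed");
      return -1;
   }

   addr = inet_ntoa(peer.sin_addr);   /* static buffer, so copy it out */
   *IP = malloc(strlen(addr) + 1);
   if (*IP == NULL)
      return -1;
   strcpy(*IP, addr);
   porto = ntohs(peer.sin_port);      /* network to host byte order */
   (void)porto;                       /* computed but not returned */
   return 0;
}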

If I connect to port 9000 directly, I get the right IP address, but over the redirect in pf the result is empty. It looks like pf destroys this information, or is my idea wrong?

Thank you

Radek
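
Added example, not part of the original message: a peer lookup that goes beyond the IPv4-only function above by also handling IPv6 and IPv4-mapped IPv6 peers, and by returning the port in host byte order. The names format_peer and peer_info are hypothetical, and the caller is assumed to pass the accepted (connected) socket.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>

/* Hypothetical helper: render a socket address as numeric text plus a
 * host-byte-order port. IPv4-mapped IPv6 peers (::ffff:a.b.c.d, seen on
 * dual-stack listeners) are reported as plain IPv4, so an address-based
 * block list sees one form per client. Returns 0, or -1 on failure. */
int format_peer(const struct sockaddr_storage *ss, char *ip, socklen_t iplen,
                unsigned *port)
{
    if (ss->ss_family == AF_INET) {
        const struct sockaddr_in *a = (const struct sockaddr_in *)ss;
        *port = ntohs(a->sin_port);       /* sin_port is in network byte order */
        return inet_ntop(AF_INET, &a->sin_addr, ip, iplen) ? 0 : -1;
    }
    if (ss->ss_family == AF_INET6) {
        const struct sockaddr_in6 *a = (const struct sockaddr_in6 *)ss;
        *port = ntohs(a->sin6_port);
        if (IN6_IS_ADDR_V4MAPPED(&a->sin6_addr)) {
            struct in_addr v4;            /* last 4 bytes hold the IPv4 address */
            memcpy(&v4, &a->sin6_addr.s6_addr[12], sizeof(v4));
            return inet_ntop(AF_INET, &v4, ip, iplen) ? 0 : -1;
        }
        return inet_ntop(AF_INET6, &a->sin6_addr, ip, iplen) ? 0 : -1;
    }
    return -1;                            /* AF_UNIX etc.: no IP peer */
}

/* Hypothetical helper: look up the peer of a connected socket. The caller
 * supplies the buffer (INET6_ADDRSTRLEN bytes is enough), so nothing is
 * malloc'ed and the static inet_ntoa() buffer is not used. */
int peer_info(int sock, char *ip, socklen_t iplen, unsigned *port)
{
    struct sockaddr_storage ss;           /* large enough for IPv4 and IPv6 */
    socklen_t len = sizeof(ss);

    memset(&ss, 0, sizeof(ss));
    if (getpeername(sock, (struct sockaddr *)&ss, &len) == -1)
        return -1;                        /* e.g. ENOTCONN: socket has no peer */
    return format_peer(&ss, ip, iplen, port);
}
```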


