Re: Logging NAT translations and correlating nat & rule logs
- In reply to: Franco Fichtner : "Re: Logging NAT translations and correlating nat & rule logs"
Date: Tue, 28 Dec 2021 10:29:04 UTC
Yes I confirmed that, there is no "rdr pass" rule within the ruleset.

# pfctl -P -sn -a "nat-portForwarding"
rdr log (to pflog3) on em0 inet proto tcp from <allowed_sources> to 172.16.33.10 port = 22 tag FWD_1 -> 192.168.33.1 port 22

# tcpdump -tttt -leqni pflog3
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on pflog3, link-type PFLOG (OpenBSD pflog file), capture size 262144 bytes
2021-12-28 13:28:02.362191 rule 0/0(match): rdr in on em0: 172.16.33.1.41368 > 172.16.33.10.22: tcp 0

thanks

On Tue, Dec 28, 2021 at 1:18 PM Franco Fichtner <franco@lastsummer.de> wrote:
>
>
> > On 28. Dec 2021, at 7:57 AM, Özkan KIRIK <ozkan.kirik@gmail.com> wrote:
> >
> > And also, rule number and subrulenr information is missing.
>
> Have you tried to confirm that this wasn't already the case for
> "rdr pass" combinations before?
>
>
> Cheers,
> Franco
>
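
An added example, not part of the original message or of any project's code: a small parser for the tcpdump pflog header line shown in the capture above, splitting out rule number, reason, action, interface and endpoints so NAT log records can be matched against rule logs. The function names and the dotted `rule N.<anchor>.M` form are assumptions; the page only shows the `rule 0/0(match)` form.

```python
import re

# Text header tcpdump -e prints for PFLOG packets, as seen in the capture above.
# The dotted "rule N.<anchor>.M" form is an assumption (not shown on the page).
PFLOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+) "
    r"rule (?P<rulenr>\d+)(?:\.(?P<anchor>\S+?)\.(?P<subrulenr>\d+))?"
    r"/(?P<reason>\d+\([^)]*\)): "
    r"(?P<action>\S+) (?P<direction>in|out) on (?P<iface>\S+): "
    r"(?P<src>\S+) > (?P<dst>\S+): (?P<rest>.*)$"
)

def split_endpoint(endpoint):
    """Split tcpdump's IPv4 'a.b.c.d.port' form into (address, port)."""
    addr, _, port = endpoint.rpartition(".")
    return addr, int(port)

def parse_pflog_line(line):
    """Return a dict of header fields, or None if the line is not a pflog record."""
    m = PFLOG_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["rulenr"] = int(rec["rulenr"])
    if rec["subrulenr"] is not None:
        rec["subrulenr"] = int(rec["subrulenr"])
    rec["src_addr"], rec["src_port"] = split_endpoint(rec.pop("src"))
    rec["dst_addr"], rec["dst_port"] = split_endpoint(rec.pop("dst"))
    return rec

def lacks_anchor_context(rec):
    """True when the record names no anchor/sub-rule to tie it to an anchored rule."""
    return rec["anchor"] is None or rec["subrulenr"] is None

# Line copied from the message above.
PAGE_LINE = ("2021-12-28 13:28:02.362191 rule 0/0(match): rdr in on em0: "
             "172.16.33.1.41368 > 172.16.33.10.22: tcp 0")
# Constructed line showing the assumed anchored form, for comparison.
CONSTRUCTED_LINE = ("2021-12-28 13:28:02.362191 rule 0.nat-portForwarding.0/0(match): "
                    "rdr in on em0: 172.16.33.1.41368 > 172.16.33.10.22: tcp 0")

if __name__ == "__main__":
    for line in (PAGE_LINE, "listening on pflog3, link-type PFLOG", CONSTRUCTED_LINE):
        rec = parse_pflog_line(line)
        print("skipped" if rec is None else (rec, lacks_anchor_context(rec)))
```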